Guys, you all have been so nice and helpful. And now i have another question.
Is there a way I could protect one page in my app with password? I am not talking about privacy rules or CURRENT USER PASSWORD.
I am working on an APP where NOT REGISTERED ppl need access to one survey page. Maybe like a way it’s possible with WORDPRESS to give access to certain articles using PW.
Hope someone can help me here.
Always thank you all so much.
Hi @heiki
if i understand you right you can do that by prevent loading any data with this page till he write password
so you you can show popup when page load and if he write password right he can continue the app normally if not right he will see this popup only .
needless to say that anybody can go through bubble’s code and check the workflow condition to know the “secret” password
Yeah password would be an API call to your own app that bypasses privacy rules and verifies if the current password is valid or not using the relevant database field.
wich is still a public info
Hi @dorilama
I didn’t mean that password will be visible in workflow by setting it in state or anything related to frontend it is a big problem as you mentioned
But he have to check it in backend WF to be secret .
No… the API call to the backend workflow returns a true or false depending if the password is equal to whatever database field you’re storing it in (the one that is protected by privacy rules).
I mean, if the page has no secret data and the password thing is to just add friction it’s ok, but if it has any secure data the only safe way if auth
Ah, you’re talking about the data shown on the page after entering the right password. It sounded like you were referring to the password itself.
yes, even if you return a boolean you are literrally reinventing your own password auth and to get the data you need to give up on privacy rules because you are not using bubble’s auth. What’s the point of using bubble if you don’t use the built-in security features? You can sign up the user without email confirmation and get the same result in a secure way
Another solution to only use password is to create a “dummy” user. User will authenticate with the password and you will provide the dummy user email for this page (directly in the log the user in action, the end user doesn’t need to know the email and enter it). This way, you can apply privacy rules and do it for this specific dummy user
yeah, i was thinking of something similar. But where to store PW? I actually dosen’t have to be super secure.
In my case it’s not so much secret data. Just survey page to be protected temporarily.
This looks like a very good solution. But you mention that user doesn’t have to enter dummy email. How that works? I thought that for authentication to work both email and PW are needed?
yes, i just need to protect one survey page which is not super secret one either. Just don’t want some random ppl to fill it out and submit it.
You enter the email manually in the email field for log the user in action but use dynamic value from password input.
