Forum Academy Marketplace Showcase Pricing Features

How to securely implement 'anyone with this link can view this page'

How can I set up ‘anyone with this link can view this page’-type functionality, similar to when you share a Google Doc?

Example from Google Docs:

I have a site which has only two data types: ‘Users’ and ‘Prospects’. My site has 2 pages.

Both pages are set to have the type ‘Prospect’. Each page contains elements like files, videos, and text, which are populated dynamically when the page loads based on which Prospect is used to populate the page.

Screenshot 2020-09-16 at 12.30.23

My goal is that only people who have a specific URL (one which includes a valid prospect identity) should be able to view the pages.

To avoid people being able to load these pages by simple guessing the URL, I have added a random 6-digit number to the end of the ‘slug’ field for each prospect. I have put all of the elements of a page into a group, and set the group to only be visible if: ‘search all Prospects contains Current Page’s Prospect’:

Screenshot 2020-09-16 at 12.21.55

For example: loads Page 1, runs a search to see if my database of Prospects contains ‘prospectA’, and then if it does it makes the elements of the page visible. The elements themselves (e.g. Video, text etc.) are then populated dynamically (e.g. ‘Current Page Prospect’s Video ID’).

This is all good, and working fine.

My question is whether this is in fact secure or not – in particular, I’m concerned about the step when the page is loaded, and bubble runs a search through all Prospects in my database to see if one matches with the data included in the URL.

For example, is there a risk that someone could somehow extract the list of all Prospects in my database, and then use that information to construct a valid URL needed to load a prospect’s information on a page?

Thanks in advance!

From the Bubble Manual


Thanks Steve. Do you have any ideas how I could use privacy rules in this case to keep the data private, while also enabling the functionality of ‘anyone with this link can view this page’? Thanks

Well, AFAIK, “keep the data private” and “anyone with this link can view” are completely opposite things, and a page can’t be both at the same time. The latter means that the page is public; it’s just that the URL is difficult to guess, and so it’s highly unlikely someone who hasn’t been directly provided the link will discover it.

That’s also true for the Google Doc link you referenced as an example. That doc is not “private” at all. If someone with that link posts it to social media or otherwise broadly shares it, then anyone with that link can access the document.

If that’s what you’re after, then sure, it seems like you could just create a URL that would be difficult to guess. Bubble’s new Page Slug feature could come in handy for that. It might be as simple as generating a “hash” from a Thing’s unique ID to serve as the page slug.

If, instead, you’re after truly “private” data, then I think the only way to have direct control over who sees the resource is to require logging into an account on your app.


Premium Bubble Plug-Ins

Thanks Steve. Yes, I don’t need the page to be truly private. I’m comfortable with the small possibility that someone could randomly guess the link, but I just want to avoid the possibility that someone (most likely, someone who already has one valid link) could find other valid Prospect slugs if they are somehow being exposed on the page.

Just to double check on that: if I load a page, is a list of Prospects being sent from the bubble server to the user’s computer, or is that search of the database happening entirely on bubble’s server? If the latter, I think I’m good to go because no other Prospect’s slug would be sent to the user’s computer.

If a list of prospects is in the search results (i.e. if there’s a list of prospects on the page somewhere), then yes. The search itself happens on the server. It’s the results of the search that are sent to the client (browser). Again, be sure to use privacy roles to control view access to data.

Thanks. No, there’s no list of prospects in the search results. I’d use privacy roles to be doubly sure, but that breaks the desired functionality of allowing users to view material on a page based only on a unique URL. Thanks!

Hi everybody,

I’m struggling with a similar issue and seems there is no solution. Thing is:
if you have a page with data type “something”, the page is only visible if the privacy rule of this data type is set to “find in searches”. If I uncheck this option, the page is blank (no matter that “view all fields” is checked). So it seems that bubble engine handles addressing a page datatype via unique_id or slug from the URL as a search :open_mouth:

And as far as I understand (or maybe I’m wrong?) if you have a “find in searches” checked, it means that basically everybody can read all data within this datatype.

So, there is no way to securely implement “anyone with the link can view this page” for now?
@emmanuel please help. Thanks a lot!

Hi @twillcs and @oleg.sobolev66 – were you able to find any solution? I am working on similar functionality in my app (data is private, but I want to be able to generate a link that would allow anyone with the link to view a specific record).

I wonder if it can be accomplished via Bubble calling its own data via the API connector.

Just guessing: What about a new data type that’s built for the sole purpose of sharing? You copy over plain text values and such so that it’s shareable in a relatively secure way and you can apply different privacy rules without affecting the main source of the data. You’d need to build some backend workflows to update this secondary sharable data type if the main one changes. Just an idea I had.

I’ve pondered this subject for a while because I eventually want my users (who are business owners) to provide URLs for invoices to their customers that can be paid online without needing their customers to have a password or anything like that.

Thanks for taking a look! I could see that working, or a similar approach where you create a “code” field which is empty, and then when you want to share an entry, the workflow populates the code field and uses it in the link you send (link would use the code as a parameter that Bubble uses to find the entry). You can then use privacy settings to only make entries public only when the code field is used.

Both this approach and the datatype dupe approach you mention basically create a subset of the database which is “public” and therefore is potentially findable.

If information is sensitive, I wonder if there’s a way to use the API connector to connect Bubble to itself, so that a code is sent and Bubble checks it on the backend, and then sends back data via the API connector only if the code matches something in the datatype. I’m learning about these types of lookups currently and will post if I figure it out.

But it sounds like there’s no way unfortunately to accomplish such a link via the regular privacy rules and search functionality.