How can I set up ‘anyone with this link can view this page’-type functionality, similar to when you share a Google Doc?
Example from Google Docs:
I have a site which has only two data types: ‘Users’ and ‘Prospects’. My site has 2 pages.
Both pages are set to have the type ‘Prospect’. Each page contains elements like files, videos, and text, which are populated dynamically when the page loads based on which Prospect is used to populate the page.
My goal is that only people who have a specific URL (one which includes a valid prospect identity) should be able to view the pages.
To avoid people being able to load these pages by simple guessing the URL, I have added a random 6-digit number to the end of the ‘slug’ field for each prospect. I have put all of the elements of a page into a group, and set the group to only be visible if: ‘search all Prospects contains Current Page’s Prospect’:
For example: www.myapp.com/page-1/prospectA loads Page 1, runs a search to see if my database of Prospects contains ‘prospectA’, and then if it does it makes the elements of the page visible. The elements themselves (e.g. Video, text etc.) are then populated dynamically (e.g. ‘Current Page Prospect’s Video ID’).
This is all good, and working fine.
My question is whether this is in fact secure or not – in particular, I’m concerned about the step when the page is loaded, and bubble runs a search through all Prospects in my database to see if one matches with the data included in the URL.
For example, is there a risk that someone could somehow extract the list of all Prospects in my database, and then use that information to construct a valid URL needed to load a prospect’s information on a page?
Thanks in advance!