Hello. I am currently developing an event registration form that does not use user fields.
I think of using the display in data workflow to create a page that displays the registration results. This way, the data is not saved, so if you reload the page, the data will disappear from the browser, so I don’t think that the data will be stolen by a third party, but should I still set privacy rules?
Users who apply can only see the information they entered on the screen once, but the input will also be sent by email, so it’s not a problem.
You have to understand two Bubble security concepts beforehand
- Privacy Rules, among other things, prevent that certain data never ends up in a user browser, even if not shown on screen.
- Data that reaches a user browser is data that has been already exposed
Good practices on security dictates that Privacy Rules must always be in place by default, and they should be loosed as strictly needed and under system design assesment.
So yes, you should always set Privacy Rules by default.
1 Like
Since you’re not saving user data in the database and only displaying it temporarily using the “Display Data” workflow, the risk of unauthorized access is minimal. If the page is refreshed, the data disappears, meaning no persistent records exist for someone to steal. However, if you’re using a backend workflow to process the form data before displaying it, you should ensure that no unintended data is exposed through API calls or logs.
Privacy rules in Bubble mainly protect stored database records, so if nothing is being saved, they may not be necessary. That said, it’s always a good practice to restrict access to any unnecessary data, even if your use case seems safe.
1 Like
Thank you for your answer. It seems that the application of privacy rules is a common view among bubble users. We will implement it using the privacy rules.
Thank you for your answer. We also need to consider future vulnerabilities. I think you are very right. We will develop a system with privacy rules.
1 Like
