Josh: Request for a Security Q&A Guide

@marktuff Anybody chime in on this yet? I just realized my privacy roles were wide open and have tried to lock them down but would like to check in with an expert.

@cococubmobileapps, not yet! Perhaps with our bumping this thread we’ll be fortunate that someone with expert knowledge can chime in!

@marktuff @cococubmobileapps When you have the Data API exposed for specific data types, it is visible to users based on the privacy roles defined for that data type. If you have a condition like ‘current user is logged in’ for ‘Contact Us’, all logged-in users can see that data type.

1 Like

Hello!

Is this still the best post on security? I have an enterprise customer asking some pretty generic questions but want to make sure I answer them accurately.

3 Likes

When you and @josh and the team work on the security documentation, can you please please please include screenshot examples for an example app?

For example, the 3 answers you gave above are still not understandable to me without you using actual data examples from a real example app with actual screenshots. Everyone learns differently and I don’t get things unless there are real-life examples in pictures and using real data examples. Because of this, these 3 answers don’t mean anything to me.

I know I can’t be the only visual learner in the forum…

4 Likes

Very useful. You are awesome.

@josh - one-way hashing is great, but what hashing function do you use? bcrypt, scrypt, pbkdf2, argon2id? Hashed passwords could still be attacked via the login form.

1 Like

Hi @josh @emmanuel @Bubble.

Are you considering improving the privacy conditions? Right now, if the app is somehow complex, and needs pivot tables to link Things, it is not possible to use privacy conditions.

The way the privacy conditions are designed now is for in-table lists, where you can look up the lists (or the fields within the table), but if the data to grant/block access is in a pivot table, then it’s not possible to use the privacy settings.

Or am I missing something?

Thanks!

1 Like

Hello,

I have a similar question.
I’m not sure if that’s possible, but it would be great if we were able to make a kind of limited search. For example, Do a search for Things (with constraints): count > 0.

1 Like

Right now, I find myself duplicating data everywhere so I can actually use the Privacy rules.

It’s also hard to know when Privacy rules are preventing you from seeing data. I wonder if there’s a good way to know when privacy rules are being applied (perhaps in the console panel?)

Hello Guys…just signed up to come and take a look. Early views are…
The platform isn’t as easy to grasp as I thought. There is still a learning curve to understand it.
The security issues are a huge hurdle for me. I could only ever use Bubble to build a concept. It simply isn’t secure enough for me to trust storing data in it - and I have to say - after all the time since this thread started, still no sight of a document that clearly outlines the standards and methods to secure data is not good. In 2020 a user would be hung out to dry for a data breach. It looks like some are drawing a distinction on the ‘level’ of data security dependent on what it is used for. I don’t see that kind of distinction in GDPR for example. Twitter would be hung out to dry just as much as HSBC if it had a data breach exposing its Euro users to harm. So, for me, data security is a must and this will hold Bubble back until all aspects of data security and the workflow to control it are clearly - very clearly - laid out. Until then it seems as though there is an element of buck passing that when you provide the tools to ‘write’ the code (be it through visualisation or otherwise) you have to take responsibility for how it is used and implemented if you don’t provide clear direction to secure the most effective security principles. So, for me, I can’t use it until the methods for ensuring security and privacy are laid out very clearly.