Repeating group privacy

hacker · March 8, 2021, 2:57am

Hey,

I have a RG in my app that searches all users and returns only the fields that are checked in the privacy settings. Fo example, name and email are checked for everyone to view. In the RG I only display the name of the user.

Can someone access the email even if it´s not displayed (but checked for everyone to view)?
Can someone do this with the inspect tool in the browser? If yes, how?

Thanks in advance

ed727 · March 8, 2021, 3:41pm

Per Bubble’s manual, yes. See first paragraph:

https://manual.bubble.io/help-guides/working-with-data/protecting-data

You should uncheck the email and set up a condition so that only an admin can view it, or a person can view only their email.

hacker · March 8, 2021, 6:41pm

The thing is that I need the RG to be filtered by email´s confirmed = yes, so the email must be checked for everyone to view (the RG is public).

But I don´t want to make it easy for someone to download user´s email (even if the email is not displayed).

ed727 · March 8, 2021, 8:15pm

I believe email is a separate field from email confirmed (the latter isn’t a field you can see in the data tab, but I’ve always considered it as a field since it holds a value and you can access it in the editor). So try unchecking the email field in privacy and see if your search constraint still works.

PS: on privacy generally, if you are holding data that needs to remain private, it’s good practice to run your privacy setup and goals past Bubble support.

hacker · March 8, 2021, 8:24pm

Nope, it’s the same field.

I tried checking email, and the filter wasn’t working until I checked the email again.

But my question is, can someone (a hacker) download all user´s emails from the RG in the browser?

ed727 · March 8, 2021, 8:43pm

Just tried it on my end and it worked. I had every field unchecked, but I did have “Find this in searches” checked.

On your question, I don’t know exactly how, but given what Bubble has said about this, I assume a hacker could create a call to the database similar to how a RG calls data from the database. Since privacy rules are checked server side, Bubble would refuse to return data unless the condition was met.

Had another idea hit me – you could use a privacy rule to only show users where email confirmed = yes. That way you wouldn’t even need to use a filter.

hacker · March 8, 2021, 10:26pm

I had the “email” field unchecked and "Find this in searches” checked, but didn’t worked. Weird

Can you please explain a little more?
Thanks

ed727 · March 9, 2021, 2:57am

I did some more testing on this. I made a mistake in saying I got it to work, because in the quick test data I put together, the signed in user was the one who had email confirmed = yes, so Bubble was letting the RG access the signed in user’s own data despite the privacy settings.

You may already know the below, but what I learned in testing was…

The “email confirmed” field is not connected to any specific choice in the privacy checkboxes for User datatype. If you allow access to view all fields, then you can access it and use it in a search :filter. But the moment you unclick “View all fields” in privacy settings, “email confirmed” is unselected. So it’s all or nothing. Selecting the email as a viewable field doesn’t do anything.
You can only access the “email confirmed” field via a :filter or when executing a “current user” type function. You cannot access the “email confirmed” field in the privacy constraints box. (If you could, you could say something like “When This User’s email confirmed = yes” and then deselect anything below you wanted hidden. Bubble would then only send through the “yes” to the page and block anything else.)

Maybe you could create a new yes/no field for email confirmed (call it email confirmed manual) and you’d be able to access that field in searches, privacy settings, etc. Trick would be how to trigger that to change to a “yes” when the user confirms their email. You could create a workflow on a page load, or a “when” workflow on the email confirm page that checks if the user’s email confirmed = yes, and if it is, then set the workflow to change the email confirmed manual = yes. Having such a field then gives you a ton more flexibility. And you could avoid having to use a :filter which is slow for large data sets.

hacker · March 9, 2021, 4:20am

Ohh, yeah, that happened to me too.

It´s only connected to the “email” field

This should be possible. @Bubble

Yeah, the @Bubble suggested be the same thing, but having a field just for that, and it´s not a very big deal in my app, seems a bit too much. But yes.

Yes, I can be faster. “large data sets” can be 1,000, 10,000 or 100,000?

Thanks

system · May 17, 2021, 2:57am

This topic was automatically closed after 70 days. New replies are no longer allowed.