My temporary fix would be to hide security related data unless they authenticate via 2FA. Sure, you can still “run as” that user, but their data will still be kept private unless they authenticate.
There are probably a few ways to implement some sort of “middleware” on your own to prevent unauthorized connections.
For ANYTHING to do with real-currency related data, like credits, balances, histories, etc… No offense to Bubble, but that would never be on their database, so that information is always encrypted or off-site to prevent in-house attacks, or access.
Still pretty confused by this…the only user type that can “run as” is an app admin. Who have full data access rights anyway and like 5 other routes to see this data instead of just run as
That’s like saying WhatsApp is end-to-end encrypted and the most secure messaging platform ever just that Mark Zuck as the owner can see all of your messages and data because he’s the admin/owner.
I wish there was a way to block having full database rights (live) and run as to production. Would make selling it easier to big and government clients.
Other no code platforms like mendix already do this!
Well Bubble is now a part of me So I can’t use other platforms even if better/faster/cheaper but all bubble team needs to do is just add a checkbox that hides the “Switch to Live” in the database tab. Just that text needs to be hideable if we want to be lean, no extra engineering needed.
Concur. I own a software company - And routinely have to “shadow” a user to see what they see (I just make it clear to clients that we have this power and we have a log for each time it’s used). Without a feature like this, I’d have to set up a Zoom call everytime I wanted to see someone’s screen or validate an error that they swear exists…
Exactly - You hit the nail on the head as to the irony of this thread.
Best way to prevent unauthorized data-visibility, is to utilize a third-party service like Xano, Supabase, or your own hosted database. You can easily implement middleware or access tokens to prevent unauthorized access to the data.
What I would do is keep the secure information that I don’t want to be exposed in the third-party database, then incorporate a token that only the user can generate (via 2FA or some alternative). This way that data can be encrypted and only accessible if you get a token from the user, or they access it themselves. This is also how support tokens work.
Even if you try to pull the data (with a Workflow or some sort that you created to tap into the DB), it will return null unless you submit the proper payload. Which only can be done by the user, or the support token.
The data itself cannot be viewed because it is encrypted with a token.
This is standard in most-cases (not with Bubble of course). I use NextJS/React all day and this is one of my standard procedures with sensitive data.
So I can’t use other platforms even if better/faster/cheaper but all bubble team needs to do is just add a checkbox that hides the “Switch to Live” in the database tab. Just that text needs to be hideable if we want to be lean, no extra engineering needed.