I’m worried about security - is there any way to truly hide these values from prying eyes, even if someone inspects the app’s code or network traffic or it was public ?
Don’t store any information in custom states which you don’t want the user to see.
The information in those states have to be set by the user, meaning the information you are setting must be visible to them via the privacy rules.
What are you trying to store in the states? Maybe there’s a better way to go about what you’re trying to do
I think about state in storing sms code
i knew that was not secure but i want to make sure that there is no way till now .
what your opinion about sms code validation ? which is the best scenario to do in backend workflow ?
Yep that’s the only way for the user to not see the data.
On the backend you can change a user the value can see.
maybe the user can see “SMS Verified” Yes/no
And in the backend IF the code is correct you switch that user to Verified = yes
If I was to go about SMS confirmation purely through bubble you could do it you set could set these values on the User datatype
- Code (Text)
- Expiration Time (Date)
- Validated (Yes/No) Default to No
Upon triggering the request to send an SMS confirmation, you would schedule a backend workflow that would do the following:
Make changes to current user:Expiration time = current date&time +10 min: validated = no
- Send text to user with code
Once you have them enter the code, you can then run a backend workflow which validates that the code they entered, lets say it’s called
UserInputCode, and it would schedule a backend-wf that would do the following
If you’re using the
- Make changes to
Validate = Yes (Only when Code is UserInputCode) AND Expiration Time >= Current Date&Time
In terms of privacy rules, the
Code should be visible no nobody, not even the user itself, as you’re checking its validity via the backend.
An alternative would be to create all of this on a seperate table, I am not sure what your exact workflow is but that’s the gist of it above. I do offer consulting if you are interested.