Hi all -
I haven’t found explicit guidance on this topic, so I thought I’d ask the community.
Are bubble.io searches secure vs. the threat of a user manipulating requests?
In other words, say for the sake of the argument that I decided that only a specific set of users could look at some Things where a specific date field was more than 1 month in the future. Can’t do that with privacy rules.
So, I can set up a search with a compound expression. Easy - (Things’s date more than 1 month in the future) or (user type is “special”).
Now here’s the deal: can this be modified client-side? Can a rogue client ask the server to return all Things, irrespective of that date filter?