Serious privacy challenge confirmed email when signing in

I have a serious challenge.

I wan’t a user to be logged in, only if the user is active (created field on user). Therefore I need to activate the privacy setting “Find this in searches” for everyone else (not logged in users). Does this mean, all user information can be searched by hackers?

So I tested with a privacy setting “this user” and that works. It seems that Bubble only reacts when the email is known but not logged in.

Can somebody confirm that with this privacy setting all other users and their info are not food for hackers?

My understanding is that you want to bypass the security check on the workflow and that should solve your issue like this:

ActiveUser -> Tries to log in -> Workflow bypasses security to check if active -> Returns Yes -> Log User in.

InactiveUser -> Tries to log in -> Workflow bypasses security to check if active -> Returns No-> Remind to check email.

Thanks,

What do you mean with “Workflow bypasses security to check if active”. Is that an action i can use in conditionals?

This topic was automatically closed after 70 days. New replies are no longer allowed.