Tip to make sharable urls securely

Hi all,

As you probably know, the privacy options in Bubble are very important, and having data types defined on “Publicly visible” or visible in “Everyone else (default permissions)” is not very good for security.

What if you have an internal tool, and you want to share data with an external person (without registering the user)? For example: a client, a supplier, etc.

Here is a possibility:

  1. Create a “hash” field in the User table.
    This is a md5 string that will be put in URLs to share, and that will be like a unique id for the external user/client.

  1. Create a workflow where you create a user, but you don’t need to put a password. Just use the email address as password and append a unique string to it (the same for all users). Here “112233”:

  1. Then simply make a workflow “Do when condition is true”, and set something like below. You get the value of the parameter “c”, and this is the “hash” field. If a user is found with this hash, you “Log the user in”.

  1. Make the “hash” and “email” publicly visible, and the rest is private (visible only for connected users).

  2. Share URLs like: yourapp.com?c=8b5c1be9b2f300f5747981ecd6171edb

Important: I didn’t say this is 100% secure! As for example, the unique string you put in the password (here “112233”) could be hacked.
BUT: I believe this is much more secure than having permissions in “Everyone else (default permissions)”.

What’s your thoughts? A better/simpler way to do that?

1 Like