I know how to implement Privacy in my app. From what I understand this feature controls who can view and find in searches.
If I have a case where I allow users to view but disallow editing, I am controlling it via conditions attached to elements in the page. Is there any risk to this approach where someone with the requisite skill can post data to Bubble’s database after the analysing the underlying code sent to the browser and modifying them to enable editing?
Is there a need to implement a read-access feature on the back-end or it is unnecessary as Bubble has implemented some security feature where only our authorised application has permission to make changes to the database?
Thanks Carlos, however all these features are for encrypting and controlling what a person see. What I am interested is how we can protect our data from being edited by unauthorised persons. I know Privacy rules can prevent viewing but it does not prevent editing. Is there some other mechanism Bubble uses on the server side to secure privileges like php or asp scripting languages where certain server side codes are hidden on render to the webpage?
Wow Carlos, you really have an encyclopaedic knowledge of all the posts here. I thought @mattmazzega post on vulnerabilities is very good. A must read for security.
In reply to your post, I’m afraid it didn’t answer my questions as to whether the pages are safe from others to modifying the pages to submit data when they shouldn’t (they can view based on Privacy but I don’t want them to submit changes). I’m not a strong code reader, hence I do not know whether the connection strings, privileges are openly seen in the raw data sent back to our browser or to other hacking tools out there to exploit.
