Forum Academy Marketplace Showcase Pricing Features

What does it mean when a data type is publicly visible?

I have a publicly visible data type CODES which contains thousands of unique purchase codes.

First time users who bought access to my app need to provide a unique purchase code, and the app will search through CODES to see if the code is valid, before creating an account for the user.

I can’t seem to restrict privacy on CODES, as the user account is not created yet.
The page contains the only workflow to search through CODES.

Is this secure? Or prone to hacking? Can anyone somehow read my table of CODES since it’s “publicly visible”?

1 Like

I’m afraid public means public. However there is a trick to overcome your problem. In short you add onto the User the code (for example on page load) and have a privacy rule that is “user’s code = code”. (even if it is a temporary user)

I learnt about this trick in the security guide ebook that available from

which I couldn’t recommend highly enough.


Thanks so much - i’ll try that!

Hmm but how would anyone be able to access the database though?

The ebook explains it and shows you how to do it. In short you look at developer console of the browser. Bubble have made improvements to make Bubblers more mindful of privacy rules recently however read the ebook and you will be as expert as anyone.

1 Like

Ok sure thanks a lot - that sounds scary!

Strange, i tried what was suggested with some tweaks, but it doesn’t work.

Basically I set user’s entered code into a field called Notes.
Then I search the data type for the code that was entered.
Nothing was found.

The privacy rule is: when the data type’s Code matches the user’s Notes.
It only works when I set the privacy rule back to publicly visible.

Any idea?


Complementing @lindsay_knowcode great guidance perhaps this might help :grinning:

1 Like

watched all 15 minutes of it and it doesn’t help my use case :joy: no worries i’ll ask support


This one is more complete

I’d persevere and double check everything - I use the same technique and it works.

  • different to me I don’t set the code - I set the ID of the matched thing - so my rule is does ID = ID of Thing. But shouldn’t matter.
  • Are you sure your are setting the code? Is the code matching case sensitive? (Obvious stuff I know but worth double-checking before looking for more difficult answers)

I’d suggest you make the simplest possible prototype in isolation of your main app to prove that it works (or not). (I bet you it works )

1 Like

Thanks for that - appreciate it very much! Will recheck everything and try again.

1 Like