What does it mean when a data type is publicly visible?

jayy · September 2, 2021, 8:05am

I have a publicly visible data type CODES which contains thousands of unique purchase codes.

First time users who bought access to my app need to provide a unique purchase code, and the app will search through CODES to see if the code is valid, before creating an account for the user.

I can’t seem to restrict privacy on CODES, as the user account is not created yet.
The page contains the only workflow to search through CODES.

Is this secure? Or prone to hacking? Can anyone somehow read my table of CODES since it’s “publicly visible”?

lindsay_knowcode · September 2, 2021, 8:25am

I’m afraid public means public. However there is a trick to overcome your problem. In short you add onto the User the code (for example on page load) and have a privacy rule that is “user’s code = code”. (even if it is a temporary user)

I learnt about this trick in the security guide ebook that available from

which I couldn’t recommend highly enough.

jayy · September 2, 2021, 8:25am

Thanks so much - i’ll try that!

Hmm but how would anyone be able to access the database though?

lindsay_knowcode · September 2, 2021, 8:30am

The ebook explains it and shows you how to do it. In short you look at developer console of the browser. Bubble have made improvements to make Bubblers more mindful of privacy rules recently however read the ebook and you will be as expert as anyone.

jayy · September 2, 2021, 8:32am

Ok sure thanks a lot - that sounds scary!

jayy · September 2, 2021, 12:40pm

Strange, i tried what was suggested with some tweaks, but it doesn’t work.

Basically I set user’s entered code into a field called Notes.
Then I search the data type for the code that was entered.
Nothing was found.

The privacy rule is: when the data type’s Code matches the user’s Notes.
It only works when I set the privacy rule back to publicly visible.

Any idea?

cmarchan · September 2, 2021, 12:46pm

@jayy

Complementing @lindsay_knowcode great guidance perhaps this might help

jayy · September 2, 2021, 1:14pm

watched all 15 minutes of it and it doesn’t help my use case no worries i’ll ask support

cmarchan · September 2, 2021, 1:16pm

@jayy

This one is more complete

lindsay_knowcode · September 2, 2021, 9:54pm

I’d persevere and double check everything - I use the same technique and it works.

different to me I don’t set the code - I set the ID of the matched thing - so my rule is does ID = ID of Thing. But shouldn’t matter.
Are you sure your are setting the code? Is the code matching case sensitive? (Obvious stuff I know but worth double-checking before looking for more difficult answers)

I’d suggest you make the simplest possible prototype in isolation of your main app to prove that it works (or not). (I bet you it works )

jayy · September 3, 2021, 4:11am

Thanks for that - appreciate it very much! Will recheck everything and try again.