Setting Up Basic Privacy Rules in Bubble
In this video, I'm going to demonstrate how to set up some basic privacy rules to protect your users' data in your Bubble app. I'm going to start off with this locations page and map page from a previous video. We have a user logged in and they've created four locations. We can check that here. So under locations in data type, we can see that demo has created these four locations.
The Incorrect Way to Protect User Data
Let's say that we want to make sure that only demo can view the locations that they've created. Now, this is how not to do it. You could go into search for locations and go created by equals current user. And let's refresh that. Okay, and there's no change. So that has sort of worked because it will now only display to the user locations that they've created. But this is not secure. This is not the way to do it because there could still be a number of other ways or reasons that a user who isn't the creator can gain access to this data.
The Correct Way to Implement Privacy Rules
Unless you have a very particular reason for using a created by, one instance might be like a chat app dialogue where you want to only show the submissions of the current user into that dialogue. Don't use this. It's not the way to do it. You should be using the privacy tab here. And so on location, we will say user and you can give it any name you like. And then we will untick all of these fields because we don't want it that a user, sorry, a visitor to this website, this web app, who isn't logged in, we don't want them to give them access.
Setting Up Privacy Rules for Users
We don't want to give other users in our app access to the data created by this user. So we're focusing on this panel here and making sure we've got everything unticked. And it's going to be a rule like current user is this location's creator. And then we want if that statement is true to view all fields, find it in a search and to attach an autobinding. We'll cover that in another video.
Testing the Privacy Rules
Now, if we refresh this page. See, there's no difference. I'm currently logged in. I'm currently viewing the data that I've created, but let's see what happens if I log out. And then refresh the page. See, I now no longer have access to that data because I am logged out. I am not current user who has created that data.
The Importance of Secure User Data Protection
Remember when you're wanting to make your app secure for your users, which if we're honest can often be a bit of an afterthought and something that we put off grappling with. But we know that it's really important that we get this right. So I would make sure that you get familiar with setting up privacy rules in the data privacy tab and you test. You have multiple browser windows opened with private browsing tabs in each so that you can log in as different users check that you are not leaking. You can do your users data to other users when you don't want that to be happening.