I can get this to work easily enough, but I’m wondering how secure this approach is. With the application only shared to select users and google in control of authentication, I’m thinking it should be fine. How easy/hard would it be for someone to hack into Appsheet authentication engine and somehow update their authentication credentials? I don’t really expect anyone to answer that, but that is the question rattling around in my skull.
Appsheet does not have an authentication engine, it uses outside auth systems, just like you said “and google in control of authentication”
USEREMAIL is simply a reflection of who the logged-in user is. It is 100% acceptable to secure data via that, if not the only acceptable way.
1 Like
Hi Daren,
Appsheet does not have an “authentication engine” in the sense that it does perform authentication itself. Instead, it invokes one or more of the external authentication providers listed in this article https://help.appsheet.com/en/articles/954491-require-sign-in-the-essentials to perform authentication. You control whether Appsheet invokes any of these authentication providers by setting “Require Sign-In”.
If you set “Require Sign-In” to true, Appsheet requires your users to sign in with one of the authentication provider you designate before they can use your application.
If you set “Require Sign-In” to false, Appsheet does not require your users to sign in before they can use your application. Anyone who discovers the URL for your application can use it. Obviously, this is not secure. You should only set “Require Sign-In” to false if you intend to make your application and all of its data public.
3 Likes
Thanks Phil, I understand what you are saying. I should have used the words authentication interface instead of engine. I have no intention of turning off authentication required. I’ll rephrase my thoughts.. How easy hard would it be for a malicious actor to get between Appsheet and Google authentication to fake who they are?
Authentication is based on the industry stand OAuth protocol so I think it can be relied upon.
3 Likes