Security Review

Adding LinkedIn Sign-on leads to a Security and Application Review

My Role: Security & Application Review
Timeline: An intense few days

Fiona had spent 3 months and around 10k on a template, and on paying the agency that made it to configure and adapt the template to her requirements. All seemed well - it is a very pretty template.

She asked a question in the Bubble Forum about why an email address didn't show up in the template. What started as some mentoring help to understand a glitch in the template evolved into fixing a broken onboarding process and adding LinkedIn logins with my plugin (https://linkedin-plugin-demo.bubbleapps.io/version-test).

Then we uncovered that the agency had "missed" some key requirements. Live users were signing up to the application daily (even in stealth pre-release), and there were no Privacy Rules.

Without Privacy Rules your database is fully viewable over the internet!

- Privacy Rules - these all had to be urgently retrofitted (over a weekend) to a database designed to create a pretty template, not to secure data
- Numerous chained page redirections, creating slow navigation and confusing pages that flashed up as the app redirected from page to page
- An untested Stripe setup


Fiona and I screen-shared to sort out these fundamental problems, and she is now live with a secure setup.