Adalo has been a great starting point for us, and we’ve made the decision to now develop a custom app.
In starting to do so, two questions have come up:
When we export our Users table from Adalo, we get hashes/some encoding of all passwords, and not the raw data. This makes sense for security, but can someone from Adalo please share the algorithm you’re using for hashing passwords? Otherwise, all users will be required to set new passwords rather than having a smooth experience of moving over to the new app with their existing password.
Is it possible to get the iOS App ID and key so that we can update the app in the app store to a new version, rather than creating an entirely new app page (and losing our reviews)?
First, Adalo definitely shouldn’t and won’t let you decrypt passwords. That’s basic information security 101. You’ll need to have your users reset their passwords.
Secondly, the iOS app ID, etc. you should be able to get that yourself from Apple. That isn’t Adalo information.
Depending on what platform or developer you’re using, they should be able to do that for you.
Surely it would be possible not to decrypt the passwords, but to use the same algorithm in the new app so that users can continue to use their passwords?
I’m interested because we may one day move off Adalo into our own hard-coded app.
Hey Colin, again, we’re not looking to decrypt any passwords. We are simply looking to know the algorithm you’re using to hash passwords.
This would allow a user to type in “thisispassword” to the app, and for us to know on the backend that it matches the hash “ioxodif8s9ewf”, without us ever knowing their password.
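The check described in the post above, as an added example that is not part of the original thread and is not Adalo's code: a backend verifies a typed password against an imported hash record and upgrades the record after a successful login. The thread never states Adalo's algorithm or export format, so the PBKDF2-HMAC-SHA256 scheme, the `$`-separated record layout and every name here are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Assumption: constructed "pbkdf2_sha256$iterations$salt$hash" record layout.
# The thread never states Adalo's real algorithm or export format.
TARGET_ITERATIONS = 600_000   # work factor the new backend stores going forward
MAX_ITERATIONS = 5_000_000    # refuse absurd cost values from imported data

def _b64(raw):
    return base64.b64encode(raw).decode()

def hash_password(password, iterations=TARGET_ITERATIONS):
    """Derive a salted hash and serialise it with its parameters."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"

def verify(password, record):
    """Return (ok, needs_rehash). Malformed or unknown records fail closed."""
    try:
        scheme, iters, salt_b64, hash_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:  # wrong field count, non-numeric cost, bad base64
        return False, False
    if scheme != "pbkdf2_sha256" or not 1 <= iterations <= MAX_ITERATIONS:
        return False, False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    return ok, ok and iterations < TARGET_ITERATIONS

def login(users, username, password):
    """Check a login; upgrade the stored record after a successful match."""
    record = users.get(username)
    if record is None:
        return False
    ok, needs_rehash = verify(password, record)
    if ok and needs_rehash:
        # The plaintext exists only during login, so this is the moment to rehash.
        users[username] = hash_password(password)
    return ok
```

A record in a format the backend cannot parse never verifies, so that account still needs a password reset.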
@tmf I think Adalo is saying, if they made that algorithm available to any Adalo customer, all Adalo app users’ passwords would be vulnerable. So there’s no way other than users resetting their passwords.
For clients with Users on Adalo, we’ve never seen the switch be an issue. Just tell users you’ve changed tech stacks and request they reset their passwords.
If you don’t have users on Adalo, you can use an external collection (we use Supabase). Then, when you make the switch, you keep all of the data (it’s external to Adalo) and connect your custom app to it.
I would say this is still not secure, not to mention Adalo will not / should not share the hash, regardless of reasons.
I’d recommend asking users to reset their passwords. We’ve seen it done before (several times). Never a big deal (it causes churn for sure, but that’s mostly natural).