Security of apps and webpass in Adalo

Hello Adalo family and team.

I have noticed a concerning matter, as a user of the web app I created, I expect security of my information ( that’s why there is a login and password ), so I did a test:

  1. I logged out of the web app, but I copied the URL showing before I logged out
  2. I logged out, pasted the URL, and yet I was still able to access the screen with all its information, not only that, every link on that screen was still linking to everything.

This is highly insecure, is this behaviour normal? if no how do I fix it, once logged out you shouldn’t be able to access anything.

Thanks

1 Like

Hello, usually if you’re not logged in you should go to the Welcome screen if you enter any link in your app. If you’re experiencing a problem with it, you can send a ticket through this link: Submit a Support Ticket

Thank you!

1 Like

you can use the action on the screen to make a send to login and filter it where only it will send is if username/email = emtpy

1 Like

For all the screens of my app?

Thanks

yes all

1 Like

You don’t actually need to add the linking action to every screen, because it usually works without doing it.

Thank you!

1 Like

somehow its not the case, I opened the ticket, and I changed the permissions to logged in only for everything, the information is gone, but everything else is visible, like buttons, fields… @GrantWoods solution does work, but its strange I have to do it for every screen, this is worrisome, we need a major switch to tell our apps whether all our screens need a login or no.

1 Like

Agree, it was scary when I first found out about this.

I was lucky to find this early on into the development, so every screen onwards was a copy-paste from the old one which meant it had the click actions (when visiting a screen do x) copied as well.

So if anyone gets a URL to a screen, they would quickly be logged out.

I agree though, its not ideal at all! There should be a universal switch or toggle

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.