I would like to build a system for human resources managers to track employee training. The system will not contain sensitive data but will allow the user to trigger paid training courses and contain employee names - so it needs to be secure.
Does anyone know if Memberstack is suited to this? I have the Firebase tutorials from 2018 and am about to run through them; I just wanted to see if I am on the right track. Thanks!
I would reach out to MemberStack support with questions like that; I’m not the right person to be answering them. I can help with setup and architecture, I’m really good at that, but when it comes to PII-specific needs, speak to MS directly. Hope that helps!
Well, I was doing some research for the company I’m working with and we were testing the security of Memberstack. I was able to break into all the websites that are on the Memberstack examples page, and was able to access all the hidden pages for those websites.
So, if you’re dealing with sensitive information, don’t use purely Webflow and Memberstack since they only take care of the front end. You need a server-side solution for sensitive data (Firestore + Security Rules, for example) if you really want to secure your data.
I totally understand, haha. I’m definitely getting you a video as soon as I get my hands on my PC. I won’t share how I do it, in order to not make it easier for those who are ill-intentioned.
And yep, we ended up going with Firebase for our whole app and not even touching Memberstack. This made sense for our app because we were going to use pretty much everything that Firebase offers (authentication, hosting, database and cloud functions)… your needs might be a bit different, so I’d recommend you look around for what makes the most sense for your needs.
DISCLAIMER: I never did and never will use this type of knowledge to do bad things. This demo is intended to show the limitations of Memberstack and raise awareness for users that have extremely sensitive information being hosted in a website that uses any type of front-end-only authentication.
You are probably referring to some videos I made in 2018. These are out of date now but the principle of how you can use Firebase and Webflow together is still the same. However I wouldn’t suggest anyone use this approach to build a real world production app. A quick and dirty MVP, sure, but there are major limitations with this approach for anything serious. Think of those videos more as information on how you can play around for fun.
To add to the comments about Memberstack above, the Memberstack guys themselves make it pretty clear on their website that they can’t securely gate content:
Also AFAIK they have never claimed that they can, so there is nothing to debunk there. They openly admit that it’s not actually secure.
The only way you can have real secure content with Webflow is to load that content after the page loads, and your back end will need to verify the user’s token. Which it looks like they are working on.
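A sketch of the "load after the page loads, verify the token on the back end" pattern, as an added example that is not part of the original posts and is not Memberstack's or Firebase's API. The token format (HMAC-signed `payload.signature`), the secret, the `hr-manager` role and the content are all constructed assumptions:

```javascript
// Added example (Node.js): gated content lives only on the server and is
// returned only after the server itself has verified the caller's token.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: kept in server config, never sent to the browser
const GATED = { "training-admin": "Course budget and enrolment controls" }; // constructed content

const b64url = (data) => Buffer.from(data).toString("base64url");
const sign = (payload) => crypto.createHmac("sha256", SECRET).update(payload).digest();

// Hypothetical token issued by the back end after login: base64url(claims).base64url(hmac)
function issueToken(userId, role, ttlSeconds, now = Date.now()) {
  const payload = b64url(JSON.stringify({ sub: userId, role, exp: now + ttlSeconds * 1000 }));
  return `${payload}.${b64url(sign(payload))}`;
}

// Returns the claims only if the signature matches and the token has not expired.
function verifyToken(token, now = Date.now()) {
  const [payload, sig, extra] = String(token || "").split(".");
  if (!payload || !sig || extra !== undefined) return null;
  const expected = sign(payload);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")); } catch { return null; }
  return claims && typeof claims.exp === "number" && claims.exp > now ? claims : null;
}

// What the page's script calls after load. Hiding a page in the browser is not
// a control; this check is, because the content never leaves the server without it.
function handleContentRequest(authorizationHeader, pageId, now = Date.now()) {
  const match = /^Bearer (.+)$/.exec(authorizationHeader || "");
  const claims = match && verifyToken(match[1], now);
  if (!claims) return { status: 401, body: "" };                 // missing, forged or expired token
  if (claims.role !== "hr-manager") return { status: 403, body: "" }; // authenticated but not authorised
  if (!Object.hasOwn(GATED, pageId)) return { status: 404, body: "" };
  return { status: 200, body: GATED[pageId] };
}
```

The role check reads the signed claims, not anything the browser can edit, so changing client-side state or the payload without the secret yields a 401.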
You're right. I used it initially for a statewide health company. It worked very well, but with HIPAA compliance it was $1000 a month just for the Caspio plan. Eventually rebuilt the web apps using a different no-code service.