I want to store client passwords in a collection containing client information. As long as I do not bind the collection field to a text field in the frontend, is the password safe, or can it still be retrieved through the website’s frontend?
Hi there,
Files and assets uploaded to Collection fields are publicly accessible and discoverable, even if they aren’t displayed on a webpage. This is because Collection items are stored in Webflow’s CDN for optimal delivery and performance. For security reasons, it’s not recommended to store sensitive information like passwords in Collection fields.
For sensitive data, consider using:
- Third-party secure storage solutions
- Form handlers with encryption capabilities
- Dedicated backend services with proper security measures
Hopefully this helps! If you still need assistance, please reply here so somebody from the community can help.
1 Like
In general it’s a bad practice, however CMS data is not published unless you bind it to an element.
That said, you can’t use it in your site, custom code, etc effectively unless you bind it, so there’s generally little purpose to doing this.
If you did have a setup where it actually makes sense, at least cryptographically hash and salt it so that it’s usable for your auth processes, but safe. People often use the same password in multiple places, so it would be hugely irresponsible to store it in plaintext anywhere.