Security checklist

Before reading this article, keep in mind that a checklist can’t cover all possible security scenarios or threats. Consider it a useful starting point but remember that your app is a unique project that may warrant additional security measures not covered here.

We recommend reading our in-depth guides, continuing to educate yourself on Bubble app security best practices and get in touch with our Success team if you have any questions. Ensuring the security of your app is ultimately your responsibility, but we will do our best to provide you with the resources you need.

In this section we will cover many of the typical points that need to be checked and re-checked as your app goes through the first and continued deployments.

Planning

Plan the different parts of your security structure before you start building:

Bubble account security

Use a
Enable
Create and maintain a password and 2FA policy for all

App access security

Don’t give collaborators more access than they need
Remove collaborators that no longer need access
Maintain a policy for access to the live database

Database

Add to all private data types
Use Only when conditions to protect data from unauthorized editing in workflows or use auto-binding in combination with privacy rules
Be mindful of who has access if you copy your Live database to Development

Page security

Don’t store sensitive data in page and
Be mindful of other details that are visible in
- Name of pages
- Name of data types and default values
- Information stored in the
- Names and attributes of
- Names and strings saved in
- Use the to remove deleted data from the code
Don’t store sensitive data in

Plugins and custom headers

Plugins and custom headers may affect security – make sure they come from a trusted source

Last updated 1 year ago

Was this helpful?