Query works only for logged-in members?

I got this code

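import wixData from 'wix-data';

// Look up rows in the soldProducts collection by order ID and log how many matched.
wixData.query("soldProducts")
    .eq("orderId", "10000")
    .find()
    .then((results) => {
        console.log(results.length);
    });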

But whatever I do, this code is being run ONLY when I am logged in as a user. If I am not logged in then I get nothing on the console.

Any idea?

Is there an if loop before this code?

No, there is no loop… I confirmed that if I have the database as admin-only I cannot query while not being logged in…

If the dataset has permissions for Admin only, then of course it will only work if you are logged in as it will then be able to check the user's role.

Have you looked at your database settings?


It might be that it is on the 3rd (members only).
The 1st is for everyone to read,
the 2nd is for everyone to send data to it.

That IS the problem for sure! But what vulnerabilities are exposed if I set it to be read by everyone?
I have sensitive information in this database.

But the problem is that I want to have a QR scanner on my site. I wrote the back-end query, but it doesn’t work if I call it from the front end while someone:

  1. Is not logged in
  2. Has no admin privileges

So I cannot make the scanner work.
So my real question is: if I expose the read permission to anyone (Site Content permission of the database), will I be in danger of a hacker being able to see all my database information?

I don’t think your website is going to be in danger by changing the permission to anyone. The sole purpose of this is to define who can or cannot read/write to your database.
Let’s say you have a form, and on a button click the data from the form will be added into your database. If it is on members only, users will be able to do it but random guests on your website won’t.
If it’s available for everyone, then random guests will also be able to send data using that button.

Kristof.

@volkaertskristof Thank you very much for the answer. I really want an answer from a moderator just to be sure, but you helped me!
So the only vulnerability that is exposed is what I expose by the code in the front end, am I right? All the queries, promises and calculations are in the back end so I must be safe.

@nikosp420
If your code is all in the Backend folder then you should be safe to go.
But I’ll understand if you want a safe answer from a Moderator to be 100% sure.

I also found an answer about the difference between the Backend folder and the Public folder
in this link.

https://www.wix.com/corvid/forum/main/comment/5ae1761cd7b86900135a8af3

where Yisrael says that backend is more secure than public.

Kristof.
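
As an added example (not code from any poster in this thread or from Wix): one way to let a visitor's QR scan check an order while the soldProducts collection stays Admin-only is a backend function that queries with `suppressAuth` and returns only a status. `checkOrder`, `isValidOrderId`, the `redeemed` and `buyerEmail` fields and the in-memory `makeFakeWixData` stand-in are assumptions; on Wix the function would be exported from a backend web module and use the imported `wix-data` module instead of taking it as a parameter.

```javascript
// Constructed sample rows; buyerEmail stands for the sensitive columns.
const ROWS = [
  { orderId: "10000", buyerEmail: "a@example.com", redeemed: false },
  { orderId: "10001", buyerEmail: "b@example.com", redeemed: true },
];

// Constructed stand-in for an Admin-only collection so the example runs offline.
// A read succeeds only for an admin caller or when { suppressAuth: true } is set.
// Simplification: real wix-data honours suppressAuth in backend code only.
function makeFakeWixData(callerIsAdmin) {
  return {
    query: (collection) => ({
      eq(field, value) {
        return {
          find: (options = {}) =>
            callerIsAdmin || options.suppressAuth
              ? Promise.resolve({ items: ROWS.filter((r) => r[field] === value) })
              : Promise.reject(new Error(`no read permission on ${collection}`)),
        };
      },
    }),
  };
}

// Accept only the shape a scanned code is expected to have (assumption: digits).
function isValidOrderId(orderId) {
  return typeof orderId === "string" && /^\d{1,12}$/.test(orderId);
}

// Backend function the scanner page would call. It returns a status only,
// never the row itself, so the sensitive columns stay on the server.
// wixData is a parameter here only so the stand-in can be injected.
async function checkOrder(wixData, orderId) {
  if (!isValidOrderId(orderId)) return { status: "invalid" };
  const results = await wixData
    .query("soldProducts")
    .eq("orderId", orderId)
    .find({ suppressAuth: true }); // skip the collection permission check
  if (results.items.length === 0) return { status: "unknown" };
  return { status: results.items[0].redeemed ? "redeemed" : "ok" };
}
```

With the collection's read permission set to Anyone, the same `wixData.query` call also succeeds from page code for any visitor, so keeping your own query in the backend does not by itself limit what can be read.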