How to restrict Webflow dashboard access in Memberstack to prevent users from viewing other members' data via slug?

Answered

Eric Yen

Let's say I have several users attached to a Memberstack plan. This plan means they can each access a dashboard with personalised data for each user in a Webflow CMS collection.

At the moment, I've noticed that a logged-in user who knows the Webflow slug (URL) of another user can access their dashboard, which is an obvious breach of access control for me.

How can I avoid this problem?

Comments

5 comments

  • Duncan from Memberstack

    Hi Eric 👋

    I recommend adding this script to your CMS collection template. It will redirect the member if they try to access another person's page.

     <script>
      // Where to send visitors who are not logged in or have no loginRedirect set.
      const accessDeniedPath = "/access-denied";

      // Ask the Memberstack DOM package for the current member. The member's
      // loginRedirect field holds the path of that member's own dashboard page.
      window.$memberstackDom.getCurrentMember().then(({ data: member }) => {
        if (member && member.loginRedirect) {
          let redirectPath = member.loginRedirect;
          let currentPath = window.location.pathname;

          // On someone else's page: send the member back to their own.
          if (currentPath !== redirectPath) {
            window.location.href = redirectPath;
          }
        } else {
          // No member, or no redirect configured: treat as not allowed.
          window.location.href = accessDeniedPath;
        }
      }).catch(() => {
        // If the member lookup itself fails, fail closed rather than leave the page up.
        window.location.href = accessDeniedPath;
      });
    </script>
  • Eric Yen

    Thank you for your response! Do you think there's no risk of client-side javascript manipulation here?

  • Duncan from Memberstack (edited)

    Hey Eric Yen 👋 It's certainly possible, and there's no such thing as a zero-risk system. I think this is more of a question of trust (i.e. how likely is it that your customers will circumvent this code in order to access another person's page) and what is housed on those pages. Are you storing sensitive information directly inside of Webflow?

  • Eric Yen

    Yes, sensitive data is stored in the Webflow database.

  • Duncan from Memberstack

    Eric Yen I totally missed your reply, my apologies!

    I need to warn you against storing sensitive information directly inside of the Webflow CMS. It's best to store that kind of information in Memberstack using a member's custom fields, member JSON or hosted content.

    0
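The following is an added example, written for this page and not taken from the thread or from Memberstack's code, that models the point made in the last two replies: the redirect script decides where the browser goes, but the Webflow CMS template has already rendered the requested slug's data into the HTML before that script runs, so any client that does not execute the script (or reads the response before the redirect fires) still receives it. The second half models the recommended alternative, where per-member data is looked up by the caller's credential and no slug is involved. The member names, slugs, tokens and "sensitive" strings are constructed; `renderCmsPage` and `getMemberData` are stand-ins for a CMS template page and for Memberstack's `window.$memberstackDom.getMemberJSON()` respectively, so the example runs offline in Node.

```javascript
// Added example (not from the thread or from Memberstack). All data below is
// constructed for illustration.

// Constructed sample of a Webflow CMS collection: one item per member, keyed
// by the slug that appears in the URL. The "sensitive" field stands in for
// whatever the dashboard shows.
const CMS_ITEMS = {
  "eric":  { owner: "mem_eric",  sensitive: "Eric: invoice total 4,200 EUR" },
  "alice": { owner: "mem_alice", sensitive: "Alice: invoice total 9,900 EUR" },
};

// Constructed session store: token -> member record, as the auth layer
// (Memberstack, in the thread) would resolve it. loginRedirect is the field
// Duncan's script reads; here it points at the member's own CMS page.
const SESSIONS = {
  "tok_eric":  { id: "mem_eric",  loginRedirect: "/dashboard/eric" },
  "tok_alice": { id: "mem_alice", loginRedirect: "/dashboard/alice" },
};

// The decision Duncan's script makes, lifted into a pure function so it can
// be tested: returns the path the browser would be sent to, or null to stay.
function clientRedirectDecision(member, currentPath, accessDeniedPath = "/access-denied") {
  if (member && member.loginRedirect) {
    return currentPath === member.loginRedirect ? null : member.loginRedirect;
  }
  return accessDeniedPath;
}

// Model of a Webflow CMS template page: the item for the requested slug is
// rendered into the HTML for any request that reaches it, and the redirect
// script is just more text in that HTML. Nothing here looks at who is asking.
function renderCmsPage(slug) {
  const item = CMS_ITEMS[slug];
  if (!item) return { status: 404, body: "not found" };
  return {
    status: 200,
    body: `<html><body><p>${item.sensitive}</p>` +
          `<script>/* client-side redirect check goes here */</script></body></html>`,
  };
}

// What a client that does not run the script sees: the full response body.
// A curl request, a tab with JavaScript disabled, or a member who pauses the
// script in devtools all get exactly this, whatever the redirect decision.
function fetchWithoutRunningScripts(slug) {
  return renderCmsPage(slug).body;
}

// Model of the thread's recommendation: per-member data lives behind the auth
// layer (Memberstack custom fields / member JSON / hosted content) and is
// looked up by the caller's credential. There is no slug parameter to tamper
// with; the token decides whose record comes back. This stand-in assumes the
// real Memberstack call returns only the current member's own record.
function getMemberData(token) {
  const member = SESSIONS[token];
  if (!member) return { status: 401, data: null };
  const slug = Object.keys(CMS_ITEMS).find(s => CMS_ITEMS[s].owner === member.id);
  return { status: 200, data: CMS_ITEMS[slug].sensitive };
}

// Summary of what happens when Eric requests Alice's page under each design.
function leakReport() {
  const eric = SESSIONS["tok_eric"];
  return {
    // The script would send Eric away from /dashboard/alice ...
    redirectTo: clientRedirectDecision(eric, "/dashboard/alice"),
    // ... but the HTML already contained Alice's data when it arrived.
    cmsBodyLeaksAlice: fetchWithoutRunningScripts("alice").includes("Alice"),
    // With credential-based lookup Eric can only ever get Eric's record.
    memberApiReturns: getMemberData("tok_eric").data,
  };
}

console.log(leakReport());
```

The check that matters is the one performed by whoever serves the data: a redirect issued after the response has arrived cannot take back what is already in the body. Moving the sensitive fields out of the CMS item and into the member record means the page at any slug contains nothing worth reading, and the member-scoped fetch has no identifier for a second member to supply.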
