Another layer of security for member specific dashboard Answered

Post author
Krystee Miller

Has anyone built a support ticket system where you can leave comments in threads? I'm trying to build out the client and admin side of things with a member-specific dashboard. Also, where can I find best practices on securing that dashboard? I noticed if I'm logged in and access another client's URL I can see everything.

Comments

6 comments

  • Comment author
    Julian Galluzzo

    Hey Krystee!

    I haven't seen that yet, but I imagine it could be done with some Make magic 🙂 People would fill out a form which creates a CMS item, then comments would be left on that.

    As for the security bit, you will need to create gated content groups so that only the correct people can access the correct pages!

    0
  • Comment author
    Krystee Miller

    My site is using the CMS to create the user specific dashboards, so I'm not sure how that's possible...is there a better way to go about this?

    0
  • Comment author
    A J

    Hey Krystee Miller, have you considered using the Memberstack ID as a unique slug for each user-specific dashboard? Since the ID is unique and has a lot of characters which are not quite guessable for users, no user would ideally have such a dashboard URL with them. This does not add additional security, but is a workaround to add another wall between a specific user and other users' dashboards by making it easily unguessable.

    0
  • Comment author
    Krystee Miller

    That's what I'm doing. I just feel there should be another layer of security if it's possible. 🌝

    0
  • Comment author
    A J

    Hey Krystee Miller, okay that's great then.

    I am assuming since you have a user-specific dashboard, you might have set the login redirect for each user in that unique way, so for another layer of security, have you tried placing this code in your user-specific dashboard page, where you redirect the user to some other page which prevents them from accessing any other user's dashboard?

    <script>
      // Page shown when no logged-in member (or no login redirect) is found.
      const accessDeniedPath = "/access-denied";

      window.$memberstackDom.getCurrentMember().then(({ data: member }) => {
        if (member && member.loginRedirect) {
          const redirectPath = member.loginRedirect;
          const currentPath = window.location.pathname;
          // Send the member back to their own dashboard if they are on any other path.
          if (currentPath !== redirectPath) {
            window.location.href = redirectPath;
          }
        } else {
          window.location.href = accessDeniedPath;
        }
      });
    </script>
    0
  • Comment author
    Krystee Miller

    I had not but I will now! Thank you

    0
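
Added example, not part of the thread and not Memberstack's or Webflow's own code: the redirect script above runs in the visitor's browser after the page has been served, so this sketch shows the ownership check done on a backend you control, for both viewing a dashboard and commenting on a ticket thread. Every name in it (DASHBOARDS, authorizeDashboard, addComment, the role values, the mem_* IDs) is hypothetical, and it assumes the server has already verified the session it is given.

```javascript
// Hypothetical backend logic for GET /dashboard/:slug and for ticket comments.
// Assumption: session.memberId and session.role come from a session the server
// has verified itself, never from the URL or from a value the browser reports.

// Constructed sample data: dashboards keyed by their slug (the member ID).
const DASHBOARDS = new Map([
  ["mem_a1", { ownerId: "mem_a1", tickets: [{ id: 1, thread: ["Printer is down"] }] }],
  ["mem_b2", { ownerId: "mem_b2", tickets: [{ id: 2, thread: ["Invoice question"] }] }],
]);

// Decide what to return for a dashboard request.
function authorizeDashboard(session, slug, store = DASHBOARDS) {
  // No verified session: the caller is not logged in.
  if (!session || typeof session.memberId !== "string") {
    return { status: 401, body: null };
  }
  const dashboard = store.get(slug);
  const isAdmin = session.role === "admin";
  const isOwner = Boolean(dashboard) && dashboard.ownerId === session.memberId;
  // Same 404 for "does not exist" and "not yours", so a response never
  // confirms that a slug belongs to another client.
  if (!dashboard || !(isOwner || isAdmin)) {
    return { status: 404, body: null };
  }
  return { status: 200, body: { slug, tickets: dashboard.tickets } };
}

// Adding a comment to a ticket thread goes through the same ownership check.
function addComment(session, slug, ticketId, text, store = DASHBOARDS) {
  const access = authorizeDashboard(session, slug, store);
  if (access.status !== 200) return access;
  const ticket = store.get(slug).tickets.find((t) => t.id === ticketId);
  if (!ticket) return { status: 404, body: null };
  ticket.thread.push(String(text));
  return { status: 200, body: { ticketId, comments: ticket.thread.length } };
}
```

With this in place the unguessable slug stays a convenience: a logged-in client who opens another client's URL gets the same 404 as for a page that does not exist.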
