I am using a component (e.g. component1) which uses a variable's (e.g. var1) value (e.g. true/false) in its Hidden value field. This is to show or hide the component.
Just wanted to check if its possible to access this variable (var1) through chrome dev tools/debugger tools etc (or any other browser tools) on client side and change its content (true/false).
Have read on few forums that a running script's variable can be accessed and changed, by using some tools etc. in the browser. Just wanted to make this sure regarding retool apps, that there's way/(no way) to do such things.
Hi @rkr Thanks for reaching out! Hmm, we may need more information about your specific use case, but in general, if the component is populated from a JS query, it would be very tricky, but may be possible that a user could modify the JS query to change the value. If the component is populated by a non-JS resource, that is a bit more secure in that the user wouldn't be able to modify the query
If there is a concern of internal users making these sorts of changes, or if this is a public app, it might be more secure to split into two different apps.
As far as hardcoded values, it's hard to say, since you lose a good amount of functionality from not having dynamic values.
In general, public apps allow for unauthenticated, open access to the embedded app. If you need to give users access to confidential information or dangerous functionality, we recommend that you don't use a public app and instead require users to log in to Retool