Mar 08, 2021 12:15 PM
I am a busy guy. We probably all are.
Last question: is there anyway a creator in an AT base could install any malware into my Airtable? Like a bot that sends the data after the job is done
I like Airtable. I really need a tutor.
But I have an application to do now.
I would like to improve a Google Form by syncing it to a new Airtable CRM. The sync would either happen w integromat or, I could move the form to Airtable.
So I hire an Uphold programmer.
First problem with using Airtable to field a form: I don’t like having a splash screen advertisement for AT at the end of the form :embarrassed:
I have some “sensitive” stuff in AT
so I create a new free workspace to share w programmer.
In this workspace the table I started has a google sheets link.
Mar 08, 2021 06:43 PM
Hello @Weasn
I’d love to assist you on your requirements.
You can reach me on Email [trish@cisinlabs.com] or Skype - live:.cid.baff7c7dd9471b54
Regards,
Trish
Mar 08, 2021 09:06 PM
Hello @Weasn
PM sent, please check, so that we can have detailed discussion and can proceed it further.
Regards,
Norman
Mar 09, 2021 05:50 AM
A collaborator who only has access to one Airtable workspace cannot get at data in another Airtable workspace.
Yes, a creator in an Airtable base can install malware. They can write scripts in Scripting app or create a Scripting automation that can do any number of bad things.
However, a collaborator does not need to be a creator to steal you data. Any collaborator, even read-only collaborators, can make a copy of your base.
Even after the programmer is no longer a collaborator for the base, there could be lingering public shares that provide access to the base.
In short: don’t give access to you base to anyone that you don’t trust.
You can remove the Airtable advertisement with a Pro subscription.
Mar 09, 2021 07:43 AM
very helpful!
so basically I can’t hire an unknown programmer to help build the collab table and have any expectation of security.
In other words, I could have an upwork guy build a new form in a dedicated workspace and then copy that collaborated form and associated CRM table over to my regular workspace.
eh, but then any bot in the collab CRM table would be copied to the secure table in the main secure workspace, hmm.
How to get around this?
no way to reveal all automations in the collab table?
How to see if there are any malicious scripts installed in the collab table before copying to the secure table?
upwork will not be applicable here then,
main attribute of the programmer has to be a trusted third party
no way to verify, or then you would be the expert?
Mar 09, 2021 10:28 AM
Once you give someone access to your base, you cannot expect Airtable to prevent that person from using that access to do bad things. Now, most Airtable consultants are not going to do bad things, and there are many reputable Airtable consultants. But it is up to you to decide who to trust–not only who will not inject malware into your base or steal you data, but also who will do a good job for what you actually want done.
If you have someone from UpWork work in a dedicated workspace, your other workspaces are safe. If you copy something from a base in that dedicated workspace to a different base/workspace, the security risk depends on what you copy. If you copy a table, you aren’t copying any code that can do malicious things. A form by itself contains no code, so copying a form can’t introduce the type of security risks you are worrying about.
Custom code that can access the outside world only exists in
scripting app Look in your dashboards for these. Note that the scripting app installation might have a custom name, but it will still look like scripting app…
scripting automation actions Look in the automations area for these. There is a maximum of 25 automations, and each automation can have up to 25 actions.
custom apps Look in your dashboards for these. These are rare.