Secure connection to google sheet and app script

Jean_Yves_Le_Magnifi · July 17, 2023, 6:38pm

Hello App inventor community.

I had been working with app inventor for sometimes now and uses google sheet as database.

For firebase we can secure the connection with is the firebase url and api key.

But my main concern remain app script bind to google sheet.

We deploy as a web app the script and paste the latter in our app.

I know it can be rare but, if someone can use a tag and value to send data to the google sheet by the app script link, this will input wrong information.

Is there any way to secure google app script connection between our app and google sheet?

For example, the app script link seconded with a token (hash).

TIMAI2 · July 21, 2023, 3:52pm

I do not see what is different, in terms of security, between accessing firebase and accessing google sheets via google apps script, using AI2? It would be just as trivial, if the firebase url got into the "wrong hands" for them to send incorrect data, etc. Yes, if you are using authenticated users on firebase, with secure rules, you do have more control, but you can easily setup something similar for google sheets. The use of one way hashes, or end to end encryption is also possible.

Jean_Yves_Le_Magnifi · July 22, 2023, 7:13pm

Hello @TIMAI2 , thanks for your response.

Is there any discussion where I can get these informations for the google sheet?

TIMAI2 · July 22, 2023, 9:06pm

There are bits and pieces all over the community.

Explain in detail what it is you want to achieve, it may be easier to help directly with that.

Jean_Yves_Le_Magnifi · July 23, 2023, 2:16pm

My goal is simple, when sending data through google app script to my google sheet, I deploy the code as a web app that anyone with his link can have access to it, internal or external stakeholders.

With the link, anybody can send data with a tag and value and then can alter the database. Is there a more secure way to send data to a google sheet through google app script where even with then deployed link the data will not be modified in case someone get the link.

TIMAI2 · July 23, 2023, 3:10pm

Sounds like, at its simplest, all you need to do is send a passphrase as a parameter, with that passphrase needing to be typed in in your app. The apps script then checks if the passphrase is correct before doing anything with the database?

Jean_Yves_Le_Magnifi · July 25, 2023, 4:47pm

Thank you very much for your response @TIMAI2 .

I see the picture but the know to it another another matter

Is there any threads that shows the block and the script?

TIMAI2 · July 25, 2023, 6:43pm

Something like this:

SCRIPT

function doGet(e) {
var passphrase = e.parameter.passphrase;
var ss = SpreadsheetApp.openById('<Spreadsheet ID here>');
var sh = ss.getSheetByName('<sheet name here>');
var name = e.parameter.name;
var age = e.parameter.age;

if (passphrase == 'AB12xyz') {
sh.appendRow([name,age]);
return ContentService.createTextOutput('passphrase correct, data added');
} else {
return ContentService.createTextOutput('passphrase incorrect');
}

}

BLOCKS

Jean_Yves_Le_Magnifi · July 27, 2023, 5:45pm

thank you very much @TIMAI2

system · August 3, 2023, 5:46pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.