About our security check feature:
When you run a scan, Base44 checks your app for common security issues. Click on each security issue below to learn more:
Public data access (RLS issues)
Some data should only be seen by the right people. When you run the scan, it checks each of your data entities (like Tasks or Comments) to make sure users don’t have more access than they should.
If your app allows everyone to view or edit certain data, the scan will show:
❗ All users have full access
⚠️ RLS Recommendation – Apply Fixes
Click Apply Fixes to use our recommended security rules. For example:

- Only the record creator can view or edit it
- Access is limited to specific users based on their email, role, or department
- Only admins can make changes
Want to learn more about how access rules work? See the full guide on managing security settings.
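The three kinds of rule listed above, written out as read/write predicates and applied to constructed Task records. This is an added illustration, not Base44's rule engine or rule syntax; the rule shapes, the sample users and the records are assumptions.

```javascript
// Added example, not Base44's rule engine or rule syntax: the three kinds of
// rule the scan recommends, written as read/write predicates and applied to
// constructed records. The rule shapes and the sample data are assumptions.

// Constructed sample users and Task records.
const users = {
  alice: { email: "alice@example.com", role: "member", department: "sales" },
  bob:   { email: "bob@example.com",   role: "member", department: "support" },
  dana:  { email: "dana@example.com",  role: "admin",  department: "sales" },
};
const tasks = [
  { id: 1, created_by: "alice@example.com", department: "sales",   title: "Quote" },
  { id: 2, created_by: "bob@example.com",   department: "support", title: "Ticket" },
  { id: 3, created_by: "dana@example.com",  department: "sales",   title: "Plan" },
];

// The unsafe default the scan reports as "All users have full access".
const fullAccess = { read: () => true, write: () => true };

// Rule 1: only the record creator can view or edit it.
const creatorOnly = {
  read:  (user, rec) => rec.created_by === user.email,
  write: (user, rec) => rec.created_by === user.email,
};

// Rule 2: access limited to specific users by email, role or department.
// Here: readable by anyone in the record's department, editable by its creator.
const departmentScoped = {
  read:  (user, rec) => rec.department === user.department,
  write: (user, rec) => rec.created_by === user.email,
};

// Rule 3: anyone signed in can read, only admins can make changes.
const adminWrites = {
  read:  () => true,
  write: (user) => user.role === "admin",
};

// Apply a rule the way a filtered query would: return the ids the user may
// read (or write) out of the whole table.
function allowedIds(rule, user, records, action = "read") {
  return records.filter((rec) => rule[action](user, rec)).map((rec) => rec.id);
}
```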
Exposed secrets
Our security check also looks for things like:
- API keys
- Tokens
- Sensitive credentials
What is a secret? Secrets are private codes or digital keys that help your app connect to other services. If someone gets access to a secret, they might be able to misuse your app or access data they shouldn’t.
How do I fix an exposed secret?
Fixing an exposed secret like an API key would require touching the code, because:

- You need to remove the key from your frontend code (which is written manually),
- And move the logic to a secure place, usually a backend function that you’ll either create or update.
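A minimal version of the kind of check a secret scan performs, run over a constructed "before" frontend snippet and the "after" shape of the fix described above (key removed from the frontend, logic moved to a backend function that reads the key from its environment). This is an added example, not Base44's scanner; the regex, the sample code and the `PAYMENT_API_KEY` variable name are assumptions.

```javascript
// Added example, not Base44's scanner: a minimal check for hard-coded secrets
// in frontend source, plus the shape of the fix the page describes. The
// pattern, the sample snippets and the env variable name are constructed.

// Matches assignments such as apiKey = "..." / token: '...' with a long value.
const SECRET_ASSIGNMENT =
  /\b(api[_-]?key|token|secret|password)\b\s*[:=]\s*["'`]([^"'`]{16,})["'`]/gi;

// Return one finding per suspicious assignment; never echo the full value.
function findHardcodedSecrets(source) {
  const hits = [];
  for (const m of source.matchAll(SECRET_ASSIGNMENT)) {
    const line = source.slice(0, m.index).split("\n").length;
    hits.push({ line, name: m[1], preview: m[2].slice(0, 4) + "..." });
  }
  return hits;
}

// Constructed "before": the key is shipped to every browser that loads the app.
const frontendBefore = `
const apiKey = "sk_live_CONSTRUCTED_EXAMPLE_KEY_0000";
fetch("https://api.example.com/charge", { headers: { Authorization: "Bearer " + apiKey } });
`;

// Constructed "after": the frontend calls your own backend function instead,
// and only that function holds the key, read from its environment.
const frontendAfter = `
fetch("/functions/charge", { method: "POST", body: JSON.stringify({ amount: 100 }) });
`;
const backendAfter = `
const apiKey = process.env.PAYMENT_API_KEY; // stored in the platform's secret store, not in code
`;
```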
Backend function issues
Backend functions are parts of your app that run behind the scenes, such as handling payments or saving data. These should only be triggered in safe, controlled ways.
When you run the scan, it checks if any of your backend functions are:
- Open to anyone (when they shouldn’t be), or
- Set up in a way that doesn’t actually work
What is a check? Think of it like a security guard at a door. Before letting someone in, the guard makes sure they’re allowed, like checking a name on a guest list. In your app, a check does the same thing: it decides whether a request is safe and allowed before letting it through.
About unauthenticated backend functions
Security check flags backend functions that accept sensitive data (like emails, API keys, or IDs) without checking who the user is.
For example, a function that returns subscription details based only on an email in the request could accidentally expose another user’s info if someone changes the email in the request.
If a function is flagged, it usually means it’s trusting request data without verifying that the user is logged in or has permission to access it.
To fix this, you’ll want to add a quick check in the function to confirm:

- The user is signed in
- The request is for their own data
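The subscription example above, written the flagged way and then with the two-part check the page asks for. This is an added illustration, not Base44's runtime or API: the session store, the subscription table and the request shape are all constructed.

```javascript
// Added example, not Base44's runtime or function API: a backend function that
// returns subscription details, first as the scan would flag it, then fixed.
// The session store, subscription table and request shape are constructed.

const subscriptions = {
  "alice@example.com": { plan: "pro",  renews: "2025-01-01" },
  "bob@example.com":   { plan: "free", renews: null },
};

// Constructed session store: bearer token -> signed-in user.
const sessions = { "tok-alice": { email: "alice@example.com" } };

function currentUser(req) {
  const auth = (req.headers && req.headers.authorization) || "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : null;
  return token ? sessions[token] || null : null;
}

// Flagged pattern: trusts the email in the request. Whoever changes the email
// receives someone else's subscription, signed in or not.
function subscriptionUnsafe(req) {
  const sub = subscriptions[req.body.email];
  return sub ? { status: 200, body: sub } : { status: 404, body: null };
}

// Fixed pattern: confirm the user is signed in, then confirm the request is for
// their own data. The email used for the lookup comes from the session, never
// from the request body.
function subscriptionSafe(req) {
  const user = currentUser(req);
  if (!user) return { status: 401, body: null };        // not signed in
  if (req.body.email && req.body.email !== user.email) {
    return { status: 403, body: null };                 // someone else's data
  }
  const sub = subscriptions[user.email];
  return sub ? { status: 200, body: sub } : { status: 404, body: null };
}
```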
How to access security check
There are two easy ways that you can access the security check feature.
Option 1: From your app menu

- Click on your app menu
- Select Security
- Under Scan Issues click Start Security Check
- Review any issues and click Apply Fixes
Option 2: From your dashboard

- Go to your Dashboard
- Click the Security tab
- Under Scan Issues click Start Security Check
- Review any issues and click Apply Fixes

Why it matters
The security check feature helps you:
- Prevent accidentally exposing private data
- Catch misconfigurations (like broken Stripe webhooks)
- Ship your app with more confidence knowing you’ve checked the essentials.
FAQ
Does the security check make any changes automatically?
No. It only highlights issues and offers one-click fixes. You choose when to apply them.
Why isn’t row-level security (RLS) restricting data access correctly?
Row-level security (RLS) rules control which users can access specific data in your app. If unauthorized users can see or edit data, or RLS rules are not working as expected, use the built-in security check to find and fix issues.
To troubleshoot RLS problems:
- Go to your app’s Dashboard and open the Security tab.
- Click Start security check to scan for missing or misconfigured RLS rules.
- Review the issues found and click Apply Fixes to use the recommended safe defaults, or adjust rules for each data entity manually.
- Sign in with different user roles to confirm only authorized people can access each type of data.
Will this affect users already using my app?
Changes to security rules can affect what users can see or do. We recommend reviewing any fix suggestions before applying them.
What if I don’t understand a warning?
Many recommendations come with a little dropdown arrow. Simply click it to see more details about what the issue is and why the fix is suggested. You can also copy the message into the AI chat (Discuss mode) to get a deeper explanation, step by step.
Still not sure? No problem! Just create a support ticket. Our team is always happy to help.
Can I add a video?
You can’t upload a video at this time, but you can link to one (like on YouTube, Vimeo, or Loom).