Host content securely inside of Memberstack
under review
Duncan Hamra
1) The problem → I don't want to deal with serving content on my own, and I don't want to leave it sitting on my website/project.
2) Why is this important → My content is what I charge for, but it doesn't make financial sense for me to hire a developer to help me serve it.
3) What's your plan B → Hire a developer, work with another tool that offers this sort of functionality, or use something like Dropbox instead.
4) Possible solutions we could build for you → An easy way to upload content right into Memberstack. I want Memberstack to serve my content for me.
Naitik Mehta
Merged in a post:
Secure Content Links
Matthew Palmer
1) The problem →
Memberspace offers secure content links:
In the event someone bypasses the gated content on my website, I would like content like videos, audio files and downloads to only work after verifying the membership/authenticated account of a user.
2) Why is this important →
If someone bypasses the initial gated content wall, they would have access to content intended only for my paying customers.
3) What's your plan B →
Hiring a developer to do this for me which does not currently make sense for my business.
4) Possible solutions we could build for you →
A solution much like Memberspace's which will allow me to securely gate my content with extra security.
Naitik Mehta
under review
Josh Lopez
Idea: This is just a random idea that I wanted to get feedback on and save so I don't forget in the future. :)
From what I know is that all the content from Memberstack is fully secure. What is not secure is what is on the website that Memberstack is either hiding with CSS or removing from the DOM. If a savvy user turns off javascript then Memberstack doesn't have a way to hide the content.
A possible solution would be to add additional custom fields within Memberstack that can be pulled when Memberstack loads on a website. To make this as easy as possible I think it would make sense to add custom fields within the Members-Only Content groups. I attached an image to show how this could be. In the custom fields, you would be able to add any string-like text or a URL to an unlisted video on youtube.
Having content being pulled from Memebrstack would ensure that no google bots or spam bots would ever see the content.
Would this approach help you feel more confident about Memberstack's security? Would this be a good compromise for not having a full CMS within our app?
N
Nikka Karli
Josh Lopez: How would this work for long form text content in members areas? My programs are multimedia, so I need text, video, and audio all secured.
Thanks!
Josh Lopez
Nikka Karli: In this example you would have your videos and files somewhere else and add the link/URL to them in the custom field. You could also add the text in the custom field and show it through data attributes or the front end api. Its the same as the current custom fields we have for signup but adding them to a memberships content instead. This is also just an idea so its not actively being worked on at the moment.
N
Nikka Karli
Josh Lopez: Hmmm ok. I'm not sure if adding long form text to a field would work for my programs. I can play with it if/when it becomes an active part of the platform. Thanks!
MS Bot
Migrated from the community forum 👇👇👇
Jacob | Jan
As a signed-up user to my site (Webflow), members should be able to log into the site via memberstack and view private information linked to their unique Webflow cms item. This includes multi-reference items that are linked to the 100% secure Webflow cms item.
We basically want to show a bit more private data like names and email address of others, in our users dashboard. Thats the primary use case of the 100% secure content, but I’m sure my product brain will be on fire once I sit down for a bit to think of all the possibilities.
Not sure how you intend to secure this content (store it on your end with a ton of custom fields, or you have some clever way to secure Webflow cms items) but I’m sure you’ve thought about building some data editor on your end (or even utilizing google sheets like glide) … would love to learn more and help out where I can, feel free DM.
---
Kyle Simmons | Mar
Would love this! Here is another, slightly different story…
As a website owner using memberstack, I would like my site content to be hidden, even if a tech savvy user disables their JavaScript.
---
Devon Koch | Apr
The only way I can think of creating 100% secure pages is having a much more elaborate memberObject.
@belltyler, you may know from using Node’s Express.js that after every page load (if you’re using passport.js for example), there needs to be a call to something like isAuthenticated before every res.send() or res.render(), which is the same reason why the CMS items need to live in the member object, since the MemberStack.onReady.then(function(member) {... is the frontend equivalent.
---
Jeremy Pinnix | Jul
Memberspace handles this by letting you add Content Links (100% Secure Content). Those links validate authorization one final time before delivering the item.
I’m curious if Memberstack has made any progress on this?
Adding memberstack.js to the header creates a race condition with the pre-loaded server-rendered Webflow CMS items, so sensitive member specific content would need to live inside of the memberObject. Even if the script deletes the elements off the DOM, any tech-savvy developer using the chrome dev tools could press record on the network tab and log the history of the page by the millisecond.
We are building a company intranet and it would be nice to show more sensitive information to our logged in employees. However, if nefarious evil doers can perform some tomfoolery and skullduggery and still gain access, we won’t be able to show as much information.
This information would be the same for all logged in users. BONUS POINTS if we can show different sensitive info to every member - similar to the previous story about a users Personally Identifiable data.
For me, achieving HIPAA compliance or other standards is not necessary… yet :wink:
---
Jeff | Sep
Hi Guys, pretty keen to see this implemented. We have an extensive content platform to migrate to Memberstack but aren’t game to push it live until the CMS content is more securely protected.
An update on the roadmap would be appreciated : ) Perhaps it’s close to beta?
---
Jarno | Oct
Hey, a usecase where I really would like better security is: For a nonprofit that makes video portraits for families that have terminally ill children I want to make a portal where parents can find all the forms and the final edit of the video.
Needless to see this is highly sensitive information.
The system that Memberspace uses would be a step in the right direction: better general security and then added security for so called content links to files or video’s.
I know you probably won’t be able to tell when better security will be added… But could you give an indication if we could expect an update on this in de coming 3 to 4 months? Otherwise I will start using different tools unfortunatly…
---
François-Xavier Fuhrmann | Oct
I’m using Webflow to create taylor made training content for my clients. It is really sensitive data as all the courses come from their internal experts.
I would love to have a more secure system to protect the data.
Any ETA on a potential ETA?
Duncan Hamra
Chris Drit to the rescue with a viable solution for Webfow users!👇