I wanted to create a custom post type, which would be storing some confidential information, that only needs to be shown to certain users (based on their user ids being stored in the custom post type, in a custom field). The aim is to then use a conditional block, that will only show this confidential information, is the user id is the same as the user id stored in the custom post. This part of the functionality is working as desired.
What I wanted to understand is how secure is this implementation in terms of access to information. Are conditional blocks as secure as Access Control Rules (which I cannot use in my form of implementation) from an access to information perspective? Or is it, that a person with enough programming sense will be able to access the information, since the conditional block is only blocking the access for the front-end display of data (but all the data is still publicly available)?
Hello. Thank you for contacting the Toolset support.
Conditional block will render the output only when the condition will be satisfied (true). There will be no output rendered if conditions does not match.
I hope this answers your question and still you should try to setup a test with conditional block and check how it works and does it output anything that you do not want to.
