4

This is a followup question my previous question: Is is possible to see the code for shiny glimmer apps

I was wondering is it too simplistic to build a DynamicUI as suggested here by R-Studio, that basically acts as a username and password to protect access to a glimmer app?

I was thinking of using something simple like the below in principal (obviously with all the inputs and outputs added etc:

if(username=="x" & password=="y") { run the shinny app } else { print("access denied")}

but was wondering if this is too simplistic and is something that could easily be broken.

Or perhaps somehow only allowing for three tries for the username and password combo...somehow...not too sure how shiny is going to recognise the same user has come back though...

Thoughts on this would be appreciated.

Community
  • 1
  • 1
h.l.m
  • 13,015
  • 22
  • 82
  • 169

1 Answers1

6

Yes, in principle. The server part of the code is being controlled by user inputs from the web form, so if one of those form components is a password then the server code can scream at the user.

The problem is that the password needs to be sent every time, so either the user has to input it every time, or the form has to remember it. Since you don't have control over the server you can't use cookies tied to sessions which is the usual way security sessions are managed, but you could put the password as a hidden item in any forms rendered back to the user once they've filled it in correctly the first time.

But as with most internet security questions, if you have to ask, you shouldn't be doing it.

Spacedman
  • 92,590
  • 12
  • 140
  • 224
  • Was that a "yes, it is too simplistic" or "yes that works in principal"? As for the repeated sending of passwords, I have a feeling shiny tends to keep your last input as the current input unless changed...(assuming you haven't closed the browser). Also if security was set up such that the password check would check a remote location (not on the server), to see if the input matches that of a given file then it continues? would that make sense? Also are you aware of any R packages that deal with this kind of security issue? – h.l.m Feb 03 '13 at 16:44
  • It was a "yes in principle" but I'm not going to put it into practice for you. You try – Spacedman Feb 03 '13 at 17:04