I am implementing a log in page to a ShinyApp (I cannot use any paid features of Shiny Server Pro or anything like that) and came across some sample code to do so on the following website: https://www.listendata.com/2019/06/how-to-add-login-page-in-shiny-r.html
It uses the sodium package, which is built on sodium, to store and check passwords. The relevant code is:
    credentials = data.frame(
      username_id = c("myuser", "myuser1"),
      passod = sapply(c("mypass", "mypass1"), sodium::password_store),
      permission = c("basic", "advanced"),
      stringsAsFactors = FALSE
    )
The user inputs a username and password through a text box and then the shinyapp checks for a match using the function sodium::password_verify.
The first thing I noticed is that the passwords get stored as rownames:
    > credentials
            username_id
    mypass       myuser
    mypass1     myuser1
                         passod
    mypass  $7$C6..../....etc..
    mypass1 $7$C6..../....etc..
            permission
    mypass       basic
    mypass1   advanced
Is this a mistake? Surely this defeats the point of storing the passwords as hashes.
Once I've added row.names = NULL to the dataframe, is this a reasonably secure method to store log in details? Are there other methods/packages or other free services to manage user accounts and authentication to Shiny?
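
The row-name behaviour described in the question, next to a version that keeps the plaintext out of the table, as an added example (not code from the original post or the linked tutorial). `check_login` and `dummy_hash` are hypothetical names, and the accounts are the question's placeholder values.

```r
library(sodium)

# Constructed sample accounts (same placeholder values as the question).
users     <- c("myuser", "myuser1")
passwords <- c("mypass", "mypass1")

# sapply() names its result after a character input (USE.NAMES = TRUE), and
# data.frame() adopts those names as row names: that is the leak shown above.
leaky <- sapply(passwords, password_store)
stopifnot(identical(names(leaky), passwords))

# vapply() with USE.NAMES = FALSE returns an unnamed character vector.
hashes <- vapply(passwords, password_store, character(1), USE.NAMES = FALSE)
rm(passwords, leaky)  # drop the plaintext and the named copy from the workspace

credentials <- data.frame(
  username_id = users,
  passod      = hashes,
  permission  = c("basic", "advanced"),
  stringsAsFactors = FALSE,
  row.names = NULL
)

# Guard: no plaintext may survive as row names or as a names attribute.
stopifnot(
  is.null(names(credentials$passod)),
  identical(rownames(credentials), c("1", "2"))
)

# Hypothetical helper: returns the permission level on success, NULL otherwise.
dummy_hash <- password_store("placeholder for unknown users")
check_login <- function(username, password) {
  row   <- credentials[credentials$username_id == username, , drop = FALSE]
  known <- nrow(row) == 1
  # Unknown users are checked against a dummy hash so both paths do similar work.
  ok <- password_verify(if (known) row$passod else dummy_hash, password)
  if (known && ok) row$permission else NULL
}

stopifnot(
  identical(check_login("myuser", "mypass"), "basic"),
  is.null(check_login("myuser", "wrong")),
  is.null(check_login("nobody", "mypass"))
)
```

The password literals appear in the script only so the example runs; in an app, generate the hashes once outside the app and keep only the `$7$...` strings in the credentials table.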