Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

r shiny - is uploaded data safe and secure?

Tags:

r

shiny

I'm building a shiny app where users upload transaction data to get access to an analytics dashboard. Can I assure these people that their data is secure from sniffers/hackers and will be removed from the shiny server when their session expires? How does this actually work in Shiny? (Note that I'll be hosting my app on shinyapps.io)

like image 844
Ben Avatar asked Nov 30 '16 02:11

Ben

1 Answers

This is not to do with shiny, but whatever server you're storing the data on, how you're using encryption/hashing, and software/app security methods you've used to protect against specific vulnerabilities.

Having said that, here's the (rather minimal, IMHO) security statement for shinyapps.io:

shinyapps.io is secure-by-design. Each Shiny application runs in its own protected environment and access is always SSL encrypted. Standard and Professional plans offer user authentication, preventing anonymous visitors from being able to access your applications.

I would say that the burden will heavily fall on you to use good encryption and data storage practices.

There are many official and unofficial guidelines you can look to for guidance on data storage. One which big companies, particularlly companies going public, must follow is Sarbanes-Oxley.

From grtcorp.com:

The Sarbanes-Oxley Act (SOX Act) was passed by Congress and signed into law in 2002 in response to major cases of financial fraud, of which the rise and collapse of Enron is the best known. The overall focus of the measure is on financial reporting responsibilities, and ensuring that financial audits are genuinely independent.

However, SOX also includes provisions that relate to the security and preservation of financial data. And the standards set out for its implementation "recognized that senior management can't just certify controls ON the system, these controls also have to control the way financial information is generated, accessed, collected, stored, processed, transmitted, and used through the system."

Senior management is thus held ultimately responsible for financial data security, including putting in place appropriate controls and procedures to ensure this data security. The good news is that powerful tools, including data discovery and Data Masking, are available to meet these standards.

I would also encourage you to familiarize yourself with OWASP's list of the top 10 major web app vulnerabilities:

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

like image 194
Hack-R Avatar answered Sep 24 '22 09:09

Hack-R
Sign in to Comment

Related questions

How to specify log link in glmnet?
R devtools: create both html and pdf of vignettes
How to make a default custom theme with ggplot2 in R
difference from first in group with dplyr
Piping Rscript gives error after output
Fit distribution to given frequency values in R
Plot area in rcharts NVD3 lineChart
Where to place library calls with testthat?
Why does R re-size everything in the plot but not the text when exported?
Can't resolve error in .Rmd file <Anonymous> ... withCallingHandlers -> withVisible -> eval -> eval ->
What is the R equivalent for Excel IFERROR?
Is it possible to include svg image in pdf document rendered by rmarkdown?
data.table "list" versus ":=" in dealing with NaN
travis build failing because devtools is missing
Loop for Reverse Geocoding in R
Potential bug in stargazer omit.labels
Shiny nesting a link within a paragraph has unwanted whitespace
Importing .xlsx file with special characters
Modularized R markdown structure
ggmap error (Error in as.vector(y) : attempt to apply non-function)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!