
r shiny - is uploaded data safe and secure?

Tags: r, shiny

I'm building a shiny app where users upload transaction data to get access to an analytics dashboard. Can I assure these people that their data is secure from sniffers/hackers and will be removed from the shiny server when their session expires? How does this actually work in Shiny? (Note that I'll be hosting my app on shinyapps.io)

Ben asked Nov 30 '16 02:11


1 Answer

This is not to do with shiny, but whatever server you're storing the data on, how you're using encryption/hashing, and software/app security methods you've used to protect against specific vulnerabilities.

Having said that, here's the (rather minimal, IMHO) security statement for shinyapps.io:

shinyapps.io is secure-by-design. Each Shiny application runs in its own protected environment and access is always SSL encrypted. Standard and Professional plans offer user authentication, preventing anonymous visitors from being able to access your applications.

I would say that the burden will heavily fall on you to use good encryption and data storage practices.

There are many official and unofficial guidelines you can look to for guidance on data storage. One which big companies, particularly companies going public, must follow is Sarbanes-Oxley.

From grtcorp.com:

The Sarbanes-Oxley Act (SOX Act) was passed by Congress and signed into law in 2002 in response to major cases of financial fraud, of which the rise and collapse of Enron is the best known. The overall focus of the measure is on financial reporting responsibilities, and ensuring that financial audits are genuinely independent.

However, SOX also includes provisions that relate to the security and preservation of financial data. And the standards set out for its implementation "recognized that senior management can't just certify controls ON the system, these controls also have to control the way financial information is generated, accessed, collected, stored, processed, transmitted, and used through the system."

Senior management is thus held ultimately responsible for financial data security, including putting in place appropriate controls and procedures to ensure this data security. The good news is that powerful tools, including data discovery and Data Masking, are available to meet these standards.

I would also encourage you to familiarize yourself with OWASP's list of the top 10 major web app vulnerabilities:

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Hack-R answered Sep 24 '22 09:09
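As an added illustration of the data-handling side the answer leaves to the app author (this is not code from the answer or from shinyapps.io), here is a Shiny app that keeps each upload in per-session memory, deletes the temporary file as soon as it is parsed, and cleans up again when the session ends. The column names `date` and `amount`, the 10 MB cap and the input/output ids are assumptions made for the example.

```r
library(shiny)

options(shiny.maxRequestSize = 10 * 1024^2)  # assumed cap: 10 MB per upload
required_cols <- c("date", "amount")         # hypothetical transaction schema

ui <- fluidPage(
  fileInput("upload", "Transaction CSV", accept = ".csv"),
  tableOutput("preview")
)

server <- function(input, output, session) {
  # Created inside server(), so each session gets its own copy; a variable
  # defined at the top level of app.R would be shared by every user.
  transactions <- reactiveVal(NULL)
  seen_paths <- character(0)

  observeEvent(input$upload, {
    path <- input$upload$datapath
    seen_paths <<- c(seen_paths, path)
    ok_ext <- tolower(tools::file_ext(input$upload$name)) == "csv"
    # Parse into memory, then delete the temp copy whether or not parsing worked.
    df <- tryCatch(
      if (ok_ext) read.csv(path, stringsAsFactors = FALSE) else NULL,
      error = function(e) NULL,
      finally = unlink(path)
    )
    if (is.null(df) || !all(required_cols %in% names(df))) {
      transactions(NULL)
      showNotification("Upload rejected: expected a CSV with date and amount.",
                       type = "error")
    } else {
      transactions(df[, required_cols])  # keep only the columns the app needs
    }
  })

  output$preview <- renderTable({
    req(transactions())
    head(transactions())
  })

  # Runs when the session ends (for example, the client disconnects).
  session$onSessionEnded(function() {
    unlink(seen_paths)  # no-op if the files are already gone
  })
}

shinyApp(ui, server)
```

This only covers what the app itself writes and keeps; anything the app saves elsewhere (a database, logs, bookmarked state) needs its own retention and encryption handling.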