Cybersecurity vulnerabilities of Streamlit app on community cloud and private cloud


I am on a little bit of a journey inside my company to promote Streamlit as a data analytics tool, as it has been very useful for the analysts on my team (myself included).

One of the arguments that will have some weight on my superiors' decision to adopt or not adopt Streamlit as a corporate tool will be the matter of cybersecurity.

So one of the cybersecurity experts of my company had some sort of software scan my application on Streamlit community cloud and these vulnerabilities popped up, according to them:

He said these vulnerabilities allow for the loss of the admin user of the platform, and allow for the insertion of data by non-authorized personnel.

As a Data Science guy, I don’t know much about cybersecurity, but if someone could please give me some counterarguments to give to my superiors related to the cybersecurity expert's assessment I’d be grateful.

I would also like to know if these same vulnerabilities would still exist if I deployed my Streamlit app to a private cloud like Microsoft Azure.

Hey @DarkCSS,

Thanks for sharing this question. I’d recommend sharing our Trust and Security doc with your team. Streamlit Community Cloud is intended to be a free community resource for developers to use to get started with Streamlit. It may not be the right fit for your use case if you are looking to deploy apps for an enterprise organization, especially since Community Cloud is limited to one private app per account.

Fortunately, Streamlit apps can be deployed with a variety of deployment platforms; check out our deployment wiki for some helpful guides from the community on deploying Streamlit apps on other platforms.

Snowflake is also launching a Streamlit app hosting feature, which will soon be in public preview – feel free to sign up here for more information.

