How secure is Streamlit-authenticator

Hi

I have a client with confidential data, they wish me to implement a cloud-hosted web app with a Streamlit-implemented user interface.

Obviously I will encrypt their data at rest, but I’m wondering about how secure Streamlit Authenticator is, and what potential security holes there are in its use.

Also, please: Is there a recommended PaaS that will add to the level of security around this?

Edit: This pertains: A safe way to authenticate users in production?

After a bit of nosing around I’m currently leaning towards using AWS Cognito, eg here
https://datagraphi.com/blog/post/2022/9/24/user-authentication-and-page-wise-authorization-in-a-streamlit-multi-page-app-using-aws-cognito

TIA!

While I can’t speak to that specific component myself, Streamlit will be adding native support for authentication very soon. Here’s the PR: Auth feature by kajarenc · Pull Request #8786 · streamlit/streamlit · GitHub

As for hosting platforms, most major cloud platforms will let you use the authentication features in conjunction with a deployed container to control access. In Snowflake, if you deployed your app with a Snowpark Container, you could use any version of Streamlit, get a public URL for your app, and control the list of people who can access it.

Thanks mathcatsand!