I’ve been experimenting with creating LLM chatbots with Streamlit (see an example on my GitHub here).
In the Streamlit documentation there is a Pickle warning regarding session state:
st.session_state implicitly uses the pickle module, which is known to be insecure. It is possible to construct malicious pickle data that will execute arbitrary code during unpickling. Never load data that could have come from an untrusted source in an unsafe mode or that could have been tampered with. Only load data you trust.
My question is: Since a chatbot inherently utilizes user input, is security something I should consider?
Are there any best practices I should implement into my app if I want users to be able to interact via the
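An added example, not part of the question above and not Streamlit's own code, to make the quoted warning concrete: the hazard is loading pickle bytes that an untrusted party could have produced or tampered with, because pickle can reference and call importable objects. Chat text stored as plain str/list/dict and pickled by trusted code is not that hazard. The restricted unpickler below (the pattern from the Python `pickle` docs) reconstructs only allowlisted builtins container types and refuses every other global lookup. The chat history and the non-allowlisted object are constructed samples.

```python
"""Restricted unpickling for chat-style session data (added example)."""
import collections
import io
import pickle

# Allowlist of (module, name) pairs that may be reconstructed. Chat history is
# strings inside lists/dicts, so the builtins container types are all we need.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "str"),
    ("builtins", "set"),
    ("builtins", "tuple"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global that is not explicitly allowlisted."""

    def find_class(self, module, name):
        # find_class is the hook pickle uses to turn a (module, name) reference
        # into a live object; anything not on the allowlist is rejected here.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global {module}.{name} is not on the allowlist"
        )


def restricted_loads(data: bytes):
    """Unpickle bytes, allowing only plain data structures."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ('ok', value) or ('rejected', reason) instead of raising."""
    try:
        return "ok", restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed sample: a chat history the way an app might keep it in session
# state, serialised by trusted code. Plain str/dict/list needs no global lookup.
CHAT_HISTORY = [
    {"role": "user", "content": "hello"},
    {"role": "assistant", "content": "hi, how can I help?"},
]
TRUSTED_BYTES = pickle.dumps(CHAT_HISTORY)

# Constructed sample of "not plain data": a harmless stdlib class that is not on
# the allowlist, so the restricted loader must refuse it.
OTHER_BYTES = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    print(try_load(TRUSTED_BYTES))   # ('ok', [...chat history...])
    print(try_load(OTHER_BYTES))     # ('rejected', 'global collections.OrderedDict ...')
```

The allowlist is deliberately tiny: if the app only ever stores message strings in containers, nothing else should need to come back out, and any pickle that asks for another global is by definition not the data you wrote.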