Security concerns about st.audio

I’m utilizing the Streamlit framework to develop data applications within my company. We are in the process of deploying a couple of these applications to production, and we have reached a critical phase where it is imperative to meet certain security requirements.

Our primary concern revolves around the security of the st.audio component, as it generates a temporary URL that allows audio playback and/or download. I’ve observed that if I copy and paste the URL into an incognito session of my browser, the audio file remains accessible as long as I don’t close the tab with my app or navigate to a different page within the app. This poses a significant security risk, particularly given the high sensitivity of the data we are handling.

Is there a way to restrict this behavior? Specifically, I would like to prevent external access to these audio files and ensure they can only be accessed within my app. Currently, I am employing the streamlit-authenticator to authenticate users and manage authorizations with assigned roles for different sections of my applications.

Do you have any ideas or suggestions on how to address this issue?

Hi @FernanOrtega

Could you share a code snippet that generates this URL (feel free to black out certain parts) for the audio? This would be helpful to better understand the issue that you’re encountering.

Hi @dataprofessor

I’ve taken a screenshot from Streamlit st.audio documentation:

It’s just using Chrome DevTools (F12) and taking the URL that links to the audio file in the audio HTML tag.

I’m using streamlit-authenticator to authenticate users but I’m not sure how to restrict access to these audio files from outside my application.

Regards.

Hi @FernanOrtega

Could you try specifying the audio URL via Streamlit’s secrets management and use it in-app via st.secrets? Would this mask the URL for your use case?

More info in the Docs:

Hope this helps!
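
Added example, not part of the thread above and not Streamlit's own code: one way to keep an audio link from working outside a logged-in session is to serve the file from an endpoint you control and require a short-lived signature bound to the authenticated user. The `/protected-audio/` path, the key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; in a real deployment load it from a secret store.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def _signature(path: str, user: str, expires: int) -> str:
    # Bind the signature to the file, the logged-in user and the expiry time.
    msg = "\n".join([path, user, str(expires)]).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_media_url(path: str, user: str, ttl: int = 60, now=None) -> str:
    """Build a short-lived URL for `path`, usable only by `user`."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"exp": expires, "sig": _signature(path, user, expires)})
    return f"{path}?{query}"


def verify_media_request(url: str, session_user, now=None) -> bool:
    """Decide whether a request for `url` may be served.

    `session_user` is the username the server derived from the request's
    authenticated session (None when there is no valid login cookie).
    """
    if not session_user:
        return False  # e.g. the URL pasted into an incognito window
    params = parse_qs(urlparse(url).query)
    try:
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False
    if (time.time() if now is None else now) > expires:
        return False  # link has expired
    expected = _signature(urlparse(url).path, session_user, expires)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(expected.encode(), sig.encode())
```

The endpoint that streams the file would call `verify_media_request` with the user taken from its own session check, so a copied URL fails without the login cookie, for a different user, or after expiry.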