Security issue - stack trace best practices?

How to mitigate the security issue of Streamlit displaying stack traces

By default, Streamlit is displaying stack traces to the user. For me this is considered a high risk security breach as it displays code to a user. They may be able to access secrets or other dangerous info from the code.

At the moment I run my entire app in a try/except block to mitigate this.

I have two questions:

  1. Is this the accepted method for hiding the stack trace from users?
  2. Is there any way that a stacktrace could still be shown to a user?

Thanks for any advice 🙂

My current setup

Code snippet:

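```python
import logging

import streamlit as st

if __name__ == "__main__":
    try:
        # method to run the app (defined elsewhere in the script)
        run()
    except Exception:
        # Show only a generic message in the browser
        st.error(
            "An error occurred during this operation. Please reload the page and try again."
        )
        # Log the full traceback on the server side
        logging.exception("Exception caught while running app")
```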

Hey @Oliver_Rock,

Have you checked out the config options? You can set the following in your config.toml file:

```toml
[client]
# Controls whether uncaught app exceptions are displayed in the browser. By default, this is set to True and Streamlit displays app exceptions and associated tracebacks in the browser.
# If set to False, an exception will result in a generic message being shown in the browser, and exceptions and tracebacks will be printed to the console only.
# Default: true
showErrorDetails = true
```

Thanks for the tip! But I have been trying out this config but it seems to not work consistently. For example, when my app is using multiple pages
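An added example, not code from the thread or from Streamlit: the try/except pattern from the first post, extended so the user sees only a generic message with a reference ID while the full traceback goes to the server log under the same ID. `run_guarded`, `show_error` and the sample secret are hypothetical names; in a Streamlit script `st.error` would be passed as `show_error`.

```python
import io
import logging
import uuid

logger = logging.getLogger("app.errors")

GENERIC_MESSAGE = "An error occurred during this operation. Please reload the page and try again."


def run_guarded(app_fn, show_error):
    """Run app_fn(); on failure log the traceback server-side and show only
    a generic message plus a reference ID through show_error.

    show_error is any callable taking a string (assumption: the caller
    passes st.error in a Streamlit script).
    Returns the reference ID on failure, None on success.
    """
    try:
        app_fn()
        return None
    except Exception:
        ref = uuid.uuid4().hex[:12]
        # Full traceback goes to the server log only, tagged with the ID.
        logger.exception("Unhandled app exception ref=%s", ref)
        # User-facing text carries no exception type, message or frames.
        show_error(f"{GENERIC_MESSAGE} (reference: {ref})")
        return ref


def demo():
    """Constructed failure whose exception message contains a secret-looking value."""
    log_buf = io.StringIO()
    handler = logging.StreamHandler(log_buf)
    logger.addHandler(handler)
    logger.propagate = False  # keep the demo traceback out of the root logger
    shown = []

    def broken_app():
        api_key = "sk-constructed-example"  # constructed sample value
        raise RuntimeError(f"upstream rejected key {api_key}")

    ref = run_guarded(broken_app, shown.append)
    logger.removeHandler(handler)
    return ref, shown[0], log_buf.getvalue()


if __name__ == "__main__":
    ref, user_text, server_log = demo()
    print("user sees :", user_text)
    print("server log:", server_log)
```

The server log still holds the secret-bearing exception message, so the log destination needs the same access control as the code itself.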
