I have developed an application and deployed it on Streamlit Community Cloud. The client has done a vulnerability test over the code and got the results below:
Email Flooding
Description: The process of sending large quantities of emails, often with large attachments, to disable a network or part of a network such as a mail server. This is an example of a denial of service attack.
Status: New
Risk Rating: High
Impact: This leads to reputational damage and can be used to perform a DoS attack.
Affected URL: https://share.streamlit.io/api/v1/login/email
Affected Parameters: Application
OWASP Ref No: https://www.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)
CWE/CVE Reference No: CWE-770
Recommendation: Limit sending only 5 emails per registered mail at a given time interval.
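The report's recommendation (at most five e-mails per registered address within a time interval, the usual mitigation for CWE-770 resource exhaustion) is easy to implement as a sliding-window limiter keyed by recipient address. The following is an added example written for this thread, not Streamlit's own login code; the `deliver` callable and the one-hour window are assumptions, and the clock is injectable so the behaviour can be checked without sleeping.

```python
"""Per-recipient rate limit for login / verification e-mails.

Added example for this thread, not Streamlit's code. Allows at most
`max_sends` e-mails to the same address inside `window_seconds`
(CWE-770 mitigation as recommended in the report above).
"""
from collections import defaultdict, deque
import time


class EmailRateLimiter:
    """Sliding-window limiter keyed by the normalised recipient address."""

    def __init__(self, max_sends=5, window_seconds=3600, clock=time.monotonic):
        self.max_sends = max_sends
        self.window = window_seconds
        self.clock = clock            # injectable for testing (assumption)
        self._sent = defaultdict(deque)  # address -> timestamps of recent sends

    @staticmethod
    def _key(address):
        # "User@Example.com " and "user@example.com" must share one bucket,
        # otherwise the limit is trivially bypassed by changing case.
        return address.strip().lower()

    def _prune(self, q, now):
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()

    def try_send(self, address):
        """Record the send and return True if within budget, else False."""
        now = self.clock()
        q = self._sent[self._key(address)]
        self._prune(q, now)
        if len(q) >= self.max_sends:
            return False
        q.append(now)
        return True

    def retry_after(self, address):
        """Seconds until the next send to this address is allowed (0.0 if now)."""
        now = self.clock()
        q = self._sent[self._key(address)]
        self._prune(q, now)
        if len(q) < self.max_sends:
            return 0.0
        return self.window - (now - q[0])


def send_login_email(limiter, address, deliver):
    """Gate a delivery function behind the limiter.

    `deliver` is a hypothetical callable that actually sends the message.
    Returns (sent, retry_after_seconds) so the caller can answer with a
    429-style response instead of silently dropping the request.
    """
    if limiter.try_send(address):
        deliver(address)
        return True, 0.0
    return False, limiter.retry_after(address)


if __name__ == "__main__":
    # Constructed demo: seven attempts in a row, then the window expires.
    fake_now = [0.0]
    lim = EmailRateLimiter(max_sends=5, window_seconds=3600, clock=lambda: fake_now[0])
    outbox = []
    for i in range(7):
        ok, wait = send_login_email(lim, "user@example.com", outbox.append)
        print(f"attempt {i + 1}: sent={ok} retry_after={wait:.0f}s")
    fake_now[0] = 3600.0
    print("after window:", send_login_email(lim, "user@example.com", outbox.append))
```

The state here lives in process memory, which is fine for a single instance; behind a load balancer with several replicas the per-address counters would need to sit in a shared store (for example Redis) so that an attacker cannot multiply the budget by hitting different replicas. Responding with a retry-after value rather than an error detail also avoids confirming whether an address is registered.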
I’m sure the devs are happy for the feedback and I’ll leave it to them to speak on the site’s security, but just a side note: I wouldn’t recommend deploying any business-critical or enterprise apps on Streamlit Cloud. It’s more of an educational and community tool to help people get started with Streamlit. It doesn’t come with a guaranteed service level agreement (SLA) so it might be good to consider that aspect if your app is of reputational importance.
Thanks for reply. I felt streamlit cloud community was very useful for me to deploy. Do we have enterprise cloud from streamlit or snowflake for deployment?
When Streamlit was acquired by Snowflake, the paid plans got sunsetted. I don’t know when/if they will bring them back. They are working on implementing Streamlit within Snowflake right now, which is in preview already on the Snowflake side. There are some limitations with it, as I understand, since it’s using a different sort of container.
If you need something now, I’d look at some of the other deployment options where you can get the right SLA. There are some options/tutorials here:
Secrets are saved in secrets.toml locally and in the application secrets on Streamlit. How am I supposed to manage the secrets if I am deploying on AWS? There are no user case studies covering this.
I’m not personally as familiar with AWS specifically. Based on a search, I can see they have a secret management service, but there may be free options within your specific deployment that let you do something else.
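One way to keep the local secrets.toml workflow while deploying on AWS is a small lookup helper that checks, in order, the local secrets.toml (developer machine only), environment variables (what a container or systemd unit would inject), and finally AWS Secrets Manager. This is an added example for this thread, not Streamlit's or AWS's code; the secret id `my-app/prod`, the key names and the file path are assumptions, and the AWS call is only taken when a secret id is configured and boto3 is installed.

```python
"""Secret lookup for a Streamlit app deployed outside Community Cloud.

Added example for this thread (not Streamlit's or AWS's code).
Precedence: .streamlit/secrets.toml -> environment variable -> AWS Secrets
Manager. Key names, paths and the secret id are illustrative assumptions.
"""
import json
import os
from pathlib import Path

try:
    import tomllib  # standard library from Python 3.11
    HAVE_TOML = True
except ImportError:
    tomllib = None
    HAVE_TOML = False


def parse_secrets_toml(text):
    """Parse TOML text in the flat key = "value" style secrets.toml uses."""
    if not HAVE_TOML:
        return {}
    return tomllib.loads(text)


def load_secrets_file(path):
    """Read a secrets.toml if it exists; {} otherwise (e.g. in production)."""
    p = Path(path)
    if not p.is_file():
        return {}
    return parse_secrets_toml(p.read_text(encoding="utf-8"))


def fetch_from_aws(secret_id, region_name=None):
    """Read one secret from AWS Secrets Manager with boto3 (optional dependency).

    Secrets Manager stores either a JSON document or a plain string; a JSON
    document becomes a dict of keys, a plain string becomes {"value": str}.
    """
    import boto3
    client = boto3.client("secretsmanager", region_name=region_name)
    raw = client.get_secret_value(SecretId=secret_id)["SecretString"]
    try:
        return json.loads(raw)
    except json.JSONDecodeError:
        return {"value": raw}


class Secrets:
    """Drop-in replacement for the parts of st.secrets an app typically uses."""

    def __init__(self, file_path=".streamlit/secrets.toml", env=None,
                 aws_secret_id=None, aws_fetch=fetch_from_aws):
        self._file = load_secrets_file(file_path)
        self._env = os.environ if env is None else env
        self._aws_id = aws_secret_id
        self._aws_fetch = aws_fetch   # injectable so tests never hit AWS
        self._aws_cache = None        # fetched once per process, not per call

    def get(self, key, default=None):
        # 1. local secrets.toml (never shipped in the container image)
        if key in self._file:
            return self._file[key]
        # 2. environment variable, by convention upper-cased (assumption)
        env_key = key.upper()
        if env_key in self._env:
            return self._env[env_key]
        # 3. AWS Secrets Manager, only when configured
        if self._aws_id:
            if self._aws_cache is None:
                self._aws_cache = self._aws_fetch(self._aws_id)
            if key in self._aws_cache:
                return self._aws_cache[key]
        return default

    def require(self, key):
        """Fail loudly at startup rather than with a blank credential later."""
        value = self.get(key)
        if value is None:
            raise KeyError(f"secret {key!r} is not configured in any source")
        return value


if __name__ == "__main__":
    # Constructed demo with a fake AWS fetcher so it runs offline.
    s = Secrets(file_path="/nonexistent/secrets.toml",
                env={"API_KEY": "from-env"},
                aws_secret_id="my-app/prod",
                aws_fetch=lambda sid: {"db_password": "from-aws"})
    print(s.require("api_key"), s.require("db_password"))
```

Keep secrets.toml out of version control and out of the image (a `.dockerignore` entry, in addition to `.gitignore`), and grant the instance or task role only `secretsmanager:GetSecretValue` on that one secret's ARN. On ECS the same effect can be had without code changes by referencing the secret in the task definition's container `secrets` list, which injects it as an environment variable that the second lookup step above picks up.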