Uploading sensitive data


Streamlit is awesome.

I have an app that takes in input sensitive data (sales and prices) and outputs hopefully insightful charts.

The app runs on nginx and has no user authentication mechanism, does not track users, never saves data on disk.I have a certificate to encrypt the uploaded data.

I am trying to understand, in practice, how secure this setup is or conversely how difficult it would be for a hacker to get his hands on the uploaded data.

Intuitively, since I do not save data, I would say that it would be relatively difficult. But I would like to understand “how” a hacker could do it, to be able to better measure the risk and possibly understand what, if anything, to do about it.



1 Like