Visibility of source code and JSON files

mckry · March 22, 2023, 4:12pm

Hi there!

I have a question about running Streamlit web apps. For example, if I deploy a Streamlit app on Heroku, my understanding is that the app runs server-side on Heroku, while on the client side, only obfuscated javascript can be inspected via the browser. My web application contains some JSON files that my Python script accesses. My question is: can the user view these JSON files or the Python source code in any way via the browser? Isn’t there theoretically a way to de-obfuscate the obfuscated javascript code that can be viewed in the browser?

Thank you!

Max

mathcatsand · March 25, 2023, 3:41am

In general, no. Streamlit has a server-client structure. It does not take your code and make some equivalent Javascript for the user to run computations in their browser. All the computations are done on the server with whatever you specify for display sent to the browser.

As long as you don’t render the JSON files in some way or put them in the static folder with static hosting enabled, they would not be accessible to your users… same for your source code.

mckry · March 25, 2023, 7:52pm

Perfect, Thank you!