File upload (fileInput) privacy

[Alison Link]

I'm curious to understand a little more about how Shiny handles file uploads.  I'm working on an app that parses some log files from a course management system to help teachers understand more about student interactions in an online learning environment.  Because this involves student data, I want to make sure I consider privacy concerns, and understand what happens to files if a teacher decides to upload their student log data file into a hosted Shiny app.

Currently, all I've been able to learn from the tutorials and package documentation is that fileInput lets you upload data that is stored as "a temp file" and that "this file may be deleted if the user performs another upload operation".

• What happens to files when they're uploaded? What directory do they end up in on the server?
  
• When a user uploads a different file during the same session, does it always overwrite the previous file?  Or is it just a possibility that the previous file will get deleted from the temp directory?
• It sounds like the file handling is somehow session-based.  When a user closes their browser after uploading and manipulating a file in a Shiny app, what happens to the file on the server?  It doesn't look like the file persists from session to session; when I close out my browser and re-open the Shiny App, it always seems to start fresh with no file.  But is there a possibility that a teacher could upload a log file, close out of their browser, and somehow still have that uploaded file re-appear in a new session on their own or another person's computer?

I'm considering this might actually be better as a non-hosted "pass the code along and run it locally" kind of app, but I'd still love to hear more about file uploads in Shiny!

Alison

[ZJ]

Once uploaded the input$file1$datapath is the path of the uploaded data (assuming file1 is the id of your file upload component).

I tested this out by running it on my Windows XP machine using localhost. It looks like 

• it created a temporary folder within the temp folder of your current session of R. When R closes the temp folder is deleted. 
• When I upload another file Shiny created another temporary folder, which is different to the previous one and stores the files there. Again if R closes both of these temporary folders will be deleted. 
  
• So I think the overwrite is just a possibility (at least on Windows XP)
• Without looking into the Shiny code I suspect Shiny is using the tempdir() function in R to create the temporary folders. The tempdir is probably based on some hashing function so a clash in the output folder name is extremely unlikely as the R guys would have designed the hashing properly
• Every new session will start off with the fileInput component being empty. In sounds like you don't want the file to re-appear across different sessions? Especially for another user. If that's your concern I think it should be OK
• If you do want the file to persist, there's a way. Running locally I have achieved it by simplifying running the file.rename function of R to copy the file to a folder I know exists. If you have multiple users this approach might not be appropriate though. If your app is hosted on the server and you have no permission to copy files then I have a workaround in that I read the file into R and saved it to the folder I want from R. If I am not write you have write-access to the folder that contains server.R and ui.R

[Joe Cheng]

From memory and a very quick perusal of the code, I believe ZJ is correct on all counts. A couple of clarifications:

• Each file upload operation does create a new subdirectory of the tempdir() folder, with the subdirectory name being 12 randomly generated (runif) hex-encoded bytes. Since it's in the tempdir() folder, other users who can log in directly to the same machine may be able to read these files.
• The "this file may be deleted if the user performs another upload operation" is not true today, but I believe it used to be true in the past and could easily be true again in the future (as I prefer that behavior). You should act as if it's true, by copying files you need persisted to a new location.
• It's not a great idea to use file.rename to move uploaded files to a new location, because 1) the reactive programming model makes it easy to have your code that does the file.rename called twice with the same temp file path, and 2) file.rename doesn't work when the source and destination paths are on different storage volumes/disks.
• Uploaded files are not currently deleted when their session ends, but I would prefer that behavior. We just didn't implement it (yet). Instead, as ZJ says, they are deleted when the R process exits.

--
You received this message because you are subscribed to the Google Groups "Shiny - Web Framework for R" group.
To unsubscribe from this group and stop receiving emails from it, send an email to shiny-discus...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.