Cross post: How secure or insecure is it to pass a database password through server.R in shinyapps.io?

Mike Psaris-Weis

Feb 19, 2016, 7:21:12 PM
to ShinyApps Users
Hi,

This is a cross post from the Shiny - Web Framework for R user group:

I'm interested in hosting a shiny app on Shinyapps.io that connects to an Azure database. I have the proper connection string, and have it working on my personal computer, but it does not work when I host the app on shinyapps.io. There are many solutions posted online that specify which IP addresses to allow access to so shiny can connect to the database, so I'm confident I can get it working, but I don't know how secure it is to pass my user name and password through server.R for an app hosted on shinyapps.io. Could someone speak to how secure or insecure this is, and if there are any best practices?

Thanks,

~Mike

Andy Kipp

Feb 20, 2016, 8:57:19 AM
to Mike Psaris-Weis, ShinyApps Users
Mike,

If you're connecting to a database over the internet, I recommend you use a TLS (secure) connection on your database. This isn't really a shinyapps.io specific issue, since the point is to protect your information once it leaves shinyapps.io servers and travels to your database; you don't want a nefarious 3rd party in the middle to snoop that data.

What type of database are you connecting to?

-Andy

Mike Psaris-Weis

Feb 20, 2016, 9:29:22 AM
to Andy Kipp, ShinyApps Users
Andy,

Could you point me to a guide on how to create a TLS connection in shiny? The database is Azure MS SQL Server, and is a relational database storing sales data. We're looking at other cloud hosted database solutions such as AWS, so it would also be helpful to know if it is easier to set up a TLS connection with certain cloud platforms. I know shinyapps.io is hosted on AWS. Would it be easier to set up a secure connection with AWS RDS?

Thanks,

~Mike


Andy Kipp

Feb 22, 2016, 10:37:36 AM
to Mike Psaris-Weis, ShinyApps Users
Mike,

Sorry, I really don't know anything about MS SQL, but a quick Google search turned up this:


It looks like you need to pass Encrypt=yes or something similar in your ODBC connection string.

That said, shinyapps.io runs Linux, which uses FreeTDS ODBC drivers to connect to MS SQL, so it may or may not be the same.

Here are some docs on using secure connections with MySQL with RDS:


Hope that helps,
-Andy
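
The suggestion above, as an added example that is not part of the original thread: an R helper that reads the credentials from environment variables instead of hard-coding them in server.R and always appends the encryption keywords to the ODBC connection string. The variable names (`DB_SERVER`, `DB_NAME`, `DB_UID`, `DB_PWD`), the helper names and the driver name are assumptions; `Encrypt` and `TrustServerCertificate` are the keywords of Microsoft's ODBC driver for SQL Server, and FreeTDS may expect different ones.

```r
# Added example: keep credentials out of server.R and require TLS.
# Variable names DB_SERVER, DB_NAME, DB_UID, DB_PWD are hypothetical.

# Brace-quote a value so a ';' or '}' inside it (e.g. in a password)
# cannot add or override keywords such as a stray "Encrypt=no".
odbc_quote <- function(x) {
  paste0("{", gsub("}", "}}", x, fixed = TRUE), "}")
}

# Build the connection string from the environment; fail closed if any
# setting is missing rather than connecting with partial credentials.
build_conn_string <- function(driver, env = Sys.getenv) {
  keys <- c("DB_SERVER", "DB_NAME", "DB_UID", "DB_PWD")
  vals <- vapply(keys, function(k) env(k), character(1))
  unset <- keys[is.na(vals) | !nzchar(vals)]
  if (length(unset) > 0) {
    stop("unset environment variables: ", paste(unset, collapse = ", "))
  }
  paste0(
    "Driver=",    odbc_quote(driver),
    ";Server=",   odbc_quote(vals[["DB_SERVER"]]),
    ";Database=", odbc_quote(vals[["DB_NAME"]]),
    ";Uid=",      odbc_quote(vals[["DB_UID"]]),
    ";Pwd=",      odbc_quote(vals[["DB_PWD"]]),
    # Encrypt the session and verify the server certificate.
    ";Encrypt=yes;TrustServerCertificate=no;"
  )
}

# Constructed sample values standing in for the real environment.
demo_env <- function(k) {
  unname(c(DB_SERVER = "db.example.invalid", DB_NAME = "sales",
           DB_UID = "shiny_ro", DB_PWD = "p;w}d")[k])
}

# Driver name is an assumption; use the one registered on the host.
cs <- build_conn_string("ODBC Driver 17 for SQL Server", env = demo_env)

# The password's ';' and '}' stay inside the quoted value, and the
# encryption keywords are still the last ones in the string.
stopifnot(grepl("Pwd={p;w}}d};Encrypt=yes;TrustServerCertificate=no;",
                cs, fixed = TRUE))

# In server.R (needs the DBI and odbc packages and a reachable server):
# con <- DBI::dbConnect(odbc::odbc(), .connection_string = cs)
```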

Kevin Little

Mar 5, 2017, 2:18:33 PM
to shinyapps.io Users, an...@rstudio.com
Mike, I wonder if you ever resolved your issue. I too want to run an app on shinyapps.io that will connect to a database. The db administrator is very security conscious (good for him) and we are trying to figure out how to securely communicate. Admin told me that good practice is never to expose the database directly to a query (e.g. my shiny app reading and writing to a datatable in the db). Shinyapps.io is running on AWS, so no static IP address that the db admin could whitelist? Did you learn anything last year?

Thanks, we're pulling together a proposal for a customer and a bit crunched for time in scoping problems and solutions.

Joshua Spiewak

Mar 5, 2017, 3:24:52 PM
to shinyapps.io Users, an...@rstudio.com
The IP addresses that traffic from shinyapps.io will appear from are enumerated in the documentation and the help center.

Kevin Little

Mar 5, 2017, 11:19:49 PM
to shinyapps.io Users, an...@rstudio.com
Thanks! We needed just that kind of info.