7:00 - 7:30 PM - Securing your Shiny Dashboard

Colin Gillespie

Shiny apps, R Markdown reports and Flask dashboards provide a rich user experience for relatively little development time. Often this experience is created by utilising third-party JavaScript functions, CSS files, fonts and images, but every external file we use means we implicitly trust its authors. The NHS and thousands of other government websites can attest that this is an issue; in 2018, they ran scripts that used their visitors' computing power to mine cryptocurrencies.

This talk will look at how organisations can improve their Shiny application security. We'll discuss general procedures for securing your overall workflow, such as security audits of your R packages and general Git security. We'll then see how Content Security Policies (CSPs), which allow a website to specify what external content it can access, can be leveraged in Shiny apps. This talk will discuss implementing these precautions within Shiny and Posit Connect. We'll demonstrate that securing and monitoring your applications is relatively straightforward.

"Colin co-founded Jumping Rivers - a full-stack data science consultancy company based in the UK. Jumping Rivers specialises in everything R, from infrastructure management to building Shiny applications. Colin has been using R since 1999 and fondly remembers using the underscore as an assignment operator. A few years ago, he found time to co-author the O'Reilly book Efficient R Programming."
Tue 6:31 pm - 12:00 am