Hi this is more question of code security, rather than a question about a directly coding related problem. But I was wondering is it possible to see the code in ui.R
and the server.R
and that generates the app web browser page?
e.g. Although I'm sure I could just ask Garrett to see the code...is it possible, without authorisation, to somehow see the code related to this URL http://glimmer.rstudio.com/gsee/TFX/ which is running the a shinny app? As this might be a problem if putting up sensitive data/code etc.
Is there a way to add a secure username and password to shinny apps? so that only selected users can access the app?
I know obviously you can see code that run shinny apps from gists, but was more curious about glimmer apps.
P.S. Garrett (if you see this), im just using your app as a good app example...as it uses glimmer..., and in my opinion its attractive code.
As you talk about shiny applications that run on glimmer.rstudio.com
, you talk about applications that run on shiny server (in contrary to applications run locally via a call to runApp
).
A such, both ui.R
and server.R
are located on the server, and they are not downloaded to your computer when you run it. Moreover, they seem to be protected by shiny, as if you try to access them via an URL, such as http://shinyserver.example.com/app/server.R, all you will get is an HTTP 404 error.
So, in the same way that it is not possible to access the PHP or Ruby files that power a website or web applications, you can't, for obvious security reasons, access the R files behind a shiny application.
As for protecting access to a shiny application, I'm not sure it is a builtin feature in shiny server yet, but if you run it behind an Apache or Nginx proxy it should be possible to use HTTP authentication for that.
Note : I'm not a shiny expert at all, so this answer could be partially wrong. I just hope not totally :)
Right now, do not put up sensitive code or data on the glimmer server! It is not secure and any user of the server can access the code/data of other users. A bug report has been submitted and the developers are working on it, to my surprise the server is still online though.
Username/passwords are not going to help with this bug. If you want security, host Shiny Server yourself as the glimmer server is not secure.