In a previous blog, I post a simple authentication method for Shiny-app, and received several comments mainly concerning that I should encrypt user password. I agree, user’s password can be intercepted when it was transferring. To secure users’ personal information, I think we should consider both server and client sides.
Your server could be hacked and all users’ personal information could be copied. Such things have happened to some big websites last year. Besides, when data was transferring through internet, due to signal attenuation issue, all data will be enhanced through some deviance, such like network switches, where users’ information could also be intercepted. So, how to secure your password? The best way is: don’t store it on server and don’t transfer it through internet!
What? Are you kidding? Sorry, I’m not!
The idea is simple: before transferring your password, encrypt it first. This is common concept for IT guys, but maybe not for most R users.
Shiny has no such feature, which belong to Shiny-pro, the commercial version. But we add it ourselves because Shiny is open.
- Includes md5.js to the head part of ui.R
- Create and includes a new ShinyBinding to receive the encrypted password.