shiny 服务器的 ShinyApps 文件对入侵者安全吗?
[英]Are shiny server's ShinyApps files safe from intruders?
问题描述
In the case of shiny apps published on a private networks using Shiny Server: are the files in the project folder and subfolders (such as www and/or data ) vulnerable to be accesible to an external user that has access to said private network, after the app has been deployed?
对于使用 Shiny 服务器在专用网络上发布的 shiny 应用程序:项目文件夹和子文件夹(例如www和/或data )中的文件是否容易被有权访问所述专用网络的外部用户访问,之后该应用程序已部署? Are said files accesible through a web browser, for instance?例如,是否可以通过 web 浏览器访问所述文件?
I'm trying to convince the IT guys at the company that I work in to configure a shiny server, but the security of the files in the app has been an issue.我试图说服我所在公司的 IT 人员配置 shiny 服务器,但应用程序中文件的安全性一直是个问题。
I have reviewed the answers given here , and also looked information online, but when you look for information about security on shiny apps, you get information about authentication solutions.我已经查看了此处给出的答案,并且还查看了在线信息,但是当您在 shiny 应用程序上查找有关安全性的信息时,您会获得有关身份验证解决方案的信息。
I'm not thinking about giving authentication, just trying to find out how safe are the files in the project's folder.我没有考虑进行身份验证,只是想了解项目文件夹中文件的安全性。 Any documentation regarding this issue would be very much appreciated.任何有关此问题的文档将不胜感激。
1 个解决方案
解决方案1
0 2021-08-12 13:43:34
If you are using Shiny server older than 1.5.16, you may be vulnerable to an exploit that exposes these files (at least in the default configuration), and should consider updating.如果您使用早于 1.5.16 的 Shiny 服务器,您可能容易受到暴露这些文件的攻击(至少在默认配置中),并且应该考虑更新。
https://blog.rstudio.com/2021/01/13/shiny-server-1-5-16-update/ https://blog.rstudio.com/2021/01/13/shiny-server-1-5-16-update/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.