r Shiny -上传的数据安全吗？

Question

我正在构建一个 Shiny 的应用程序，用户可以在其中上传交易数据以访问分析仪表板。我能否向这些人保证他们的数据不会受到嗅探器/黑客的攻击，并且当他们的 session 过期时将从 Shiny 的服务器中删除？这在 Shiny 中实际上是如何运作的？ (请注意，我将在shinyapps.io 上托管我的应用程序)

Answer 1

这与 Shiny 无关，而是与您存储数据的服务器、如何使用加密/散列以及用于防止特定漏洞的软件/应用安全方法有关。

话虽如此，这里是shinyapps.io 的(相当简单，恕我直言)安全声明:

shinyapps.io is secure-by-design. Each Shiny application runs in its own protected environment and access is always SSL encrypted. Standard and Professional plans offer user authentication, preventing anonymous visitors from being able to access your applications.

我想说，使用良好的加密和数据存储实践的负担将落在您身上。

您可以引用许多官方和非官方指南来获取有关数据存储的指导。大公司，尤其是上市公司必须遵循的一项法案是《萨类斯-奥克斯利法案》。

来自 grtcorp.com:

The Sarbanes-Oxley Act (SOX Act) was passed by Congress and signed into law in 2002 in response to major cases of financial fraud, of which the rise and collapse of Enron is the best known. The overall focus of the measure is on financial reporting responsibilities, and ensuring that financial audits are genuinely independent.

However, SOX also includes provisions that relate to the security and preservation of financial data. And the standards set out for its implementation "recognized that senior management can't just certify controls ON the system, these controls also have to control the way financial information is generated, accessed, collected, stored, processed, transmitted, and used through the system."

Senior management is thus held ultimately responsible for financial data security, including putting in place appropriate controls and procedures to ensure this data security. The good news is that powerful tools, including data discovery and Data Masking, are available to meet these standards.

我还鼓励您熟悉 OWASP 的十大主要 Web 应用程序漏洞列表:

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project