Python Forum
Hosting statistic tool on heroku with flask secure?
#1
Hello!

I am working on a statistic tool for our company, millions of datasets. Now I need to upload the project, so all company members can request data from everywhere.

I am working with Python 3/Flask and I plan to upload the project on heroku.

Heroku offers by default an SSL certificate (I do not plan to use a custom domain).

In addition I integrated Flask-BasicAuth. It works on localhost fine, one can only access the website if the username and password are known.

I also use Flask-WTF and a CSRF token on the form. After the form submits, which is a must, I request different statistics via AJAX.

1. User enters a daterange
2. User submits form and the basic dataset is selected
3. Different statistics are requested via AJAX POST

Step 3 means I have a lot of routes, which only accept a POST method and return a JSON object.

This tool MUST be only accessible by company members, because important data can be requested and seen.
Does my approach sound reasonable?
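A sketch of the setup described in the post above, added here as an example and not the poster's code: plain Flask with a hand-written `before_request` check stands in for Flask-BasicAuth and Flask-WTF, and the route names, credentials and the `unprotected_routes` helper are hypothetical. It shows one global guard covering every POST-only JSON route, plus a check that lists any route answering an anonymous request with something other than 401.

```python
import hmac
import secrets
from flask import Flask, Response, jsonify, request, session

app = Flask(__name__, static_folder=None)   # no static route, so every rule below is probeable
app.secret_key = secrets.token_hex(32)      # assumption: a fixed secret from the environment in production
USERNAME, PASSWORD = "stats", "constructed-password"   # constructed sample credentials

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

@app.before_request
def guard():
    # Global hook: runs before every route, so a newly added AJAX endpoint cannot be left out.
    auth = request.authorization
    if not (auth and _same(auth.username or "", USERNAME) and _same(auth.password or "", PASSWORD)):
        return Response("Login required", 401, {"WWW-Authenticate": 'Basic realm="stats"'})
    if request.method == "POST":
        sent = request.headers.get("X-CSRFToken", "")
        if not sent or not _same(sent, session.get("csrf", "")):
            return jsonify(error="missing or wrong CSRF token"), 400

@app.route("/", methods=["GET"])
def form_page():
    # The real page would render the date-range form; the token reaches the AJAX code via a meta tag.
    session["csrf"] = secrets.token_urlsafe(32)
    return f'<meta name="csrf-token" content="{session["csrf"]}">'

@app.route("/stats/revenue", methods=["POST"])
def revenue():
    return jsonify(total=0)    # placeholder statistic

@app.route("/stats/orders", methods=["POST"])
def orders():
    return jsonify(count=0)    # placeholder statistic

def unprotected_routes(flask_app):
    """Probe every registered rule anonymously; return (method, path) pairs that do not answer 401."""
    client = flask_app.test_client()
    found = []
    for rule in flask_app.url_map.iter_rules():
        for method in sorted(rule.methods - {"HEAD", "OPTIONS"}):
            if client.open(rule.rule, method=method).status_code != 401:
                found.append((method, rule.rule))
    return found
```

Calling `unprotected_routes(app)` from the project's test suite makes a route that was added without the guard show up as a failing test.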
#2
I have been researching this topic for a few days now, and I think that every system can be broken/hacked if targeted specifically. I understand that the chances are very low for this. First of all, someone who is interested in getting this data needs to know that such a project exists on a live server, and this person needs to have enough skill/knowledge to get access.

Maybe it's better to create a function which downloads all statistics as PDF; this way all company members would have the stats and enough time to evaluate them, and the project would not be on a live server. The downside is that they will not be able to request new data.

Another idea is to install this tool on the PCs of other company members, so everyone has a local version and everyone would be able to run it from localhost.

What do you think about my alternatives? Would you upload such a project on a live server?