Python Forum (https://python-forum.io) - Web Scraping & Web Development
Thread: Hosting statistic tool on heroku with flask secure? (/thread-13670.html)



Hosting statistic tool on heroku with flask secure? - Zoja - Oct-26-2018

Hello!

I am working on a statistics tool for our company, with millions of datasets. Now I need to upload the project so that all company members can request data from everywhere.

I am working with Python 3/Flask and I plan to upload the project on heroku.

Heroku offers by default an SSL certificate (I do not plan to use a custom domain).

In addition, I integrated Flask-BasicAuth. It works fine on localhost; one can only access the website if the username and password are known.

I also use Flask-WTF and a CSRF token on the form. After the form submits, which is a must, I request different statistics via AJAX.

1. User enters a daterange
2. User submits form and the basic dataset is selected
3. Different statistics are requested via AJAX POST

Step 3 means I have a lot of routes which only accept the POST method and return a JSON object.

This tool MUST be only accessible by company members, because important data can be requested and seen.
Does my approach sound reasonable?
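
The two properties the setup above depends on are that every route (the AJAX POST/JSON ones included) sits behind the authentication check, and that the Basic credentials only ever travel over the HTTPS connection Heroku provides. The following is an added example, not the poster's code and not Flask-BasicAuth itself: a small standard-library WSGI middleware that enforces both, standing in for Flask-BasicAuth's force-everywhere mode so it runs without the extension. The username, password and `stats_app` stand-in are constructed for the demo.

```python
import base64, hashlib, hmac

USERNAME = "stats"  # constructed demo credentials; in production read Heroku config vars
PASSWORD_SHA256 = hashlib.sha256(b"correct horse battery staple").hexdigest()

def basic_header(user, password):
    """Value a browser sends in 'Authorization' for HTTP Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def credentials_ok(header):
    """Parse 'Basic <base64(user:pw)>'; compare user and password hash in constant time."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(header[6:]).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    user_ok = hmac.compare_digest(user.encode(), USERNAME.encode())
    pw_ok = hmac.compare_digest(hashlib.sha256(pw.encode()).hexdigest(), PASSWORD_SHA256)
    return user_ok and pw_ok

class RequireAuthEverywhere:
    """WSGI middleware: every path and method (AJAX POST routes included) needs valid credentials, over HTTPS only."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Heroku terminates TLS at its router and passes the original scheme in X-Forwarded-Proto.
        scheme = environ.get("HTTP_X_FORWARDED_PROTO", environ.get("wsgi.url_scheme"))
        if scheme != "https":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"HTTPS required"]
        if not credentials_ok(environ.get("HTTP_AUTHORIZATION")):
            start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="stats"')])
            return [b"Authentication required"]
        return self.app(environ, start_response)

def stats_app(environ, start_response):
    """Stand-in for the Flask app; a real one is wrapped with app.wsgi_app = RequireAuthEverywhere(app.wsgi_app)."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"rows": 3}']

def request(path, method="GET", headers=None):
    """Drive the wrapped app in-process with a constructed request; return the HTTP status code."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": method, "wsgi.url_scheme": "https"}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    status = []
    list(RequireAuthEverywhere(stats_app)(environ, lambda s, h: status.append(s)))
    return int(status[0].split()[0])
```

Any JSON route reached without credentials, with wrong credentials, or over plain HTTP is refused before the Flask view runs, so forgetting a decorator on one of the many POST routes cannot expose data.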


RE: Hosting statistic tool on heroku with flask secure? - Zoja - Oct-29-2018

I have been researching this topic for a few days now, and I think that every system can be broken/hacked if targeted specifically. I understand that the chances are very low for this. First of all, someone who is interested in getting this data needs to know that such a project exists on a live server, and this person needs to have enough skill/knowledge to get access.

Maybe it's better to create a function which downloads all statistics as PDF; this way all company members would have the stats and enough time to evaluate them, and the project would not be on a live server. The downside is that they will not be able to request new data.

Another idea is to install this tool on the PCs of other company members, so everyone has a local version and everyone would be able to run it from localhost.

What do you think about my alternatives? Would you upload such a project on a live server?