Oct-26-2018, 11:47 AM
Hello!
I am working on a statistics tool for our company, millions of datasets. Now I need to upload the project, so all company members can request data from everywhere.
I am working with Python 3/Flask and I plan to upload the project on Heroku.
Heroku offers by default an SSL certificate (I do not plan to use a custom domain).
In addition I integrated Flask-BasicAuth. It works on localhost fine, one can only access the website if the username and password are known.
I also use Flask-WTF and a CSRF token on the form. After the form submits, which is a must, I request different statistics via AJAX.
1. User enters a date range
2. User submits form and the basic dataset is selected
3. Different statistics are requested via AJAX POST
Step 3. means I have a lot of routes, which only accept a POST method and return a JSON object.
This tool MUST be only accessible by company members, because important data can be requested and seen.
Does my approach sound reasonable?