Protecting access to glimmer shiny apps

Question

This is a followup question my previous question: Is is possible to see the code for shiny glimmer apps

I was wondering is it too simplistic to build a DynamicUI as suggested here by R-Studio, that basically acts as a username and password to protect access to a glimmer app?

I was thinking of using something simple like the below in principal (obviously with all the inputs and outputs added etc:

if(username=="x" & password=="y") { run the shinny app } else { print("access denied")}

but was wondering if this is too simplistic and is something that could easily be broken.

Or perhaps somehow only allowing for three tries for the username and password combo...somehow...not too sure how shiny is going to recognise the same user has come back though...

Thoughts on this would be appreciated.

Answer 1

Yes, in principle. The server part of the code is being controlled by user inputs from the web form, so if one of those form components is a password then the server code can scream at the user.

The problem is that the password needs to be sent every time, so either the user has to input it every time, or the form has to remember it. Since you don't have control over the server you can't use cookies tied to sessions which is the usual way security sessions are managed, but you could put the password as a hidden item in any forms rendered back to the user once they've filled it in correctly the first time.

But as with most internet security questions, if you have to ask, you shouldn't be doing it.