Hard-coded external database credentials?

Hi all,
I have almost finished my first shiny app and I would like to ask for advice for the final step. The app allows users to view (tables, graphs) and modify the content of a remote database (stored on some separate database server). I would like to implement a "view mode" which should be the default at each session start, only allowing users to view but not to edit the database content. After entering a password, users should be able to enter "edit mode", thus being able to modify the database (corresponding GUI elements to modify the database content are already included).

I would like to make the code of the app public and I am contemplating how to deal with the database passwords. Here is how I am planning to do it:

  • Hard-code the username and password of a read-only account for the remote database. These credentials would be open to anyone looking at the code (I hope it is safe to disclose read-only credentials for a MySQL-DB on the web(?))
  • Implement a text-input in shiny asking for another username:password for users who want to get write access. These user inputs would then be tested by trying to establish a connection to the database in order to verify that they are correct write-access credentials. If the credentials are correct, the user would be allowed to use the GUI elements related to editing database content.

Would that be a reasonable strategy?

Is it correct that if different users open the shiny app at the same time from their respective browsers, each user starts in his/her own shiny-session, so there will be no interference between them in terms of being in read or write mode?

Thanks for your advice!
Best,
Peter

Take a look at this other topic, where credential management is widely discussed.

2 Likes

This is a good resource too
https://db.rstudio.com/best-practices/managing-credentials/

6 Likes
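An added example, not code from any post in this thread: a sketch of the view/edit split described in the question, with the read-only credentials read from environment variables instead of the public source and the edit-mode login checked for write grants. The `APP_DB_*` variable names, the input ids and the use of the RMariaDB driver are assumptions.

```r
library(shiny)
library(DBI)

# Assumed environment variable names, set on the server (e.g. in .Renviron), not in the repo.
db_connect <- function(user, password) {
  dbConnect(RMariaDB::MariaDB(), host = Sys.getenv("APP_DB_HOST"),
            dbname = Sys.getenv("APP_DB_NAME"), user = user, password = password)
}

# Returns a connection only if login succeeds AND the account holds write grants;
# a successful login alone would also accept the read-only account.
try_write_connect <- function(user, password) {
  con <- tryCatch(db_connect(user, password), error = function(e) NULL)
  if (is.null(con)) return(NULL)
  grants <- dbGetQuery(con, "SHOW GRANTS FOR CURRENT_USER()")[[1]]
  if (any(grepl("INSERT|UPDATE|DELETE|ALL PRIVILEGES", grants))) return(con)
  dbDisconnect(con)  # coarse check failed: valid login, but no write privilege
  NULL
}

ui <- fluidPage(
  textInput("user", "Editor user name"),
  passwordInput("pw", "Password"),
  actionButton("unlock", "Enter edit mode"),
  textOutput("mode")
)

server <- function(input, output, session) {
  # Everything created inside server() is private to one browser session.
  ro_con <- db_connect(Sys.getenv("APP_DB_RO_USER"), Sys.getenv("APP_DB_RO_PASS"))
  rw_con <- reactiveVal(NULL)  # NULL means view mode

  observeEvent(input$unlock, {
    con <- try_write_connect(input$user, input$pw)
    if (is.null(con)) showNotification("Login failed", type = "error") else rw_con(con)
  })

  output$mode <- renderText(if (is.null(rw_con())) "View mode" else "Edit mode")

  # Close this session's connections when the browser disconnects.
  session$onSessionEnded(function() {
    dbDisconnect(ro_con)
    con <- isolate(rw_con())
    if (!is.null(con)) dbDisconnect(con)
  })
}

shinyApp(ui, server)
```

Sending every modification through `rw_con()` means the database enforces the write privilege itself, so hiding or showing the edit controls is only a convenience and not the access control.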

Dear cderv and andrescrs,
thanks a lot for your hints, I will have a look there!
Best regards,
Peter

1 Like
