Hi all, I am very excited to have found Anvil. This is so cool. I’ve used TkInter and WX in the past and hated it soo much. I’ve spent a few hours playing around, and I think I get it conceptually. However, one major question remains:
Assume:
I am building an App that I want to ship to many Users
Each user will need to run code on his or her machine
Anvil is used to build the GUI component.
What I’m confident about:
It should be possible to put the GUI code and the Anvil open source server into an exe (using PyInstaller) that starts up the server and opens the GUI locally.
It probably would also be ok to have the GUI run as a web-app, as long as each user is isolated.
If I were to build this only for myself, using uplink to connect the GUI and my local machine should also be straightforward.
Question:
However, how would I ensure that each instance of that .exe has access to the users’s local backend?
Or, how would I ensure that each user of the web app accesses his local machine. (The local component must reside on the users local machine)
The unelegant solution would probably be to have each user grab a copy of the web-app and configure it to interface with his local machine via a unique uplink key.
Would this be permissible use of your technology?
Obviously, Anvil is a tool for building web-apps. But you probably could expand it quite easily into also a GUI building Tool.
Excellent Question! Sounds like an exciting project.
Have you thought about generating a random key with each instance?
Could you use the client code access level and require authentication?
Why would you want them to take the whole app local and not host it for multi-user access? It would make updates so much easier.
I’ve been contemplating a similar situation, distributing many uplink remote connectors to customers and plan to implement multi-level authentication and encryption.
Local code could be run, in principle, by giving each user their own Uplink program(s). This would be a lot leaner than giving them an entire Anvil installation! @J11’s “random key” idea could identify each distinct copy of the Uplink program, so you can tell who’s calling.
The flip side is, an Uplink program needs at least a Client-level access key. This key identifies specifically which Anvil app (yours) they are talking to, and grants limited (Client-level) access to the App’s features. This key is common to all the Uplink programs. If someone leaks it, you can change it – but then all the well-behaved Clients get locked out, too, until they get the new key.
With any technology, there will be tradeoffs. So it’s largely a matter of figuring out which tradeoffs matter most to you.
I am going to propose something else, related, but not exactly what was initially proposed in this thread.
Distributed Desktop Applications in a multi-user case employing the Uplink.
The Desktop Application installation package contains an exe (which includes the Uplink and core functionality), a config file and whatever else go along with it.
For Security (Conceptually):
Upon request, the web app generates a config file accompanying an installation package including the obfuscated Uplink Key, a client specific key, and a date-time oriented decryption method that only I know, all transmitted solely by encrypted means utilizing a hash of the client key and dynamic date/time encryption…
Aside from security, each desktop app instance would essentially be a client instance as if the client were accessing app endpoints from a web browser.
In a previous implementation, reminisce of how some of us have used the elevated Uplink server access as a daemon, I considered distributing the desktop application to sit in a wait_forever state, passing functions variably within a function; a concept albeit providing tremendous versatility, unnecessarily exposes server access in a non-trusted environment, and resulting in potential ‘insertion’ type attack vectors.
My train of thought to have the desktop application accept calls from my central app to include updates is to have it poll a queue via authenticated API endpoints.
Would it be better to build an API or to use the Uplink for this case? All the local app does is access a local database on the user’s machine.
I came across this post in the forum today: Multiple Uplinks To Same App . It outlines an approach using unique registered functions for each user with a user ID dynamically setting the function name.
It ties together nicely in terms of using the uplink in distributed desktop applications that connect to a single Anvil App instance.
I wonder how many uplinks can operate simultaneously.
Presently, I am preconfiguring the up-link desktop application with the user’s key connected to a user-specific isolated app instance, but I’m working on handling all of the users within one instance.
I think it will be neater to distribute the same application and have users input their unique key. It would be even neater to present user authentication with the desktop application, but I’m not sure how to do that yet.