Pass Sensitive Data to Uplink Server Securely

My app needs the credentials - not just an oauth - for another site the user has an account with.

How can I collect this information and securely transfer it to my Uplink server?

Hi there!

All communication between the web browser and your server modules – and the uplink – is always encrypted. So it’s safe to do this the straightforward way: Put a username and password field on your form (a password field is just a TextBox with the hide_text property set to true), then pass their text values to an Uplink function with anvil.server.call().

1 Like

Brilliant!
This platform is insanely amazing.
Python has always lacked in GUI design and implementation, making it a slow and tedious process with the best option up to now being Qt. Then there was always the problem of how do I make an executable and those libs are all kinda iffy.
This platform circumvents all of those problems!!!

4 Likes

Hi Meredydd,

Following on from Connor’s question, please can you expand a little on the uplink security. I’m also working on a solution with sensitive data. I pass a series of dictionaries from my local Postgres db to the form and from there generate and save a pdf print out of the form.

I understand the data “in flight” over uplink is encrypted and secure. What happens to the data “at rest” that I used to generate the form? Is that deleted once the form is refreshed and could it be vulnerable to malicious access? (Not meaning to sound overdramatic, but I want to make sure I’ve got my bases covered in the very rare case where that data may be exposed.)

I’m currently building on the free plan and will upgrade to the personal plan once the initial concept is proven.

Thank you for providing such an amazing platform. It’s been a lot of fun learning my way around Anvil!

2 Likes

Any data reaching the client is visible to anybody that has access to the client, even if it was encrypted during the transfer. The client doesn’t store any data, so once the browser session is closed, the data is gone.

But, if you want to create a PDF from dictionaries coming from an external database, you don’t need to send them to the client. You can have the PDF generated by a server function. Uplink and server functions can talk without any problem without passing through a form.

1 Like

Thanks Stefano. My current way uses the server function so I guess I’m okay for now. I will be letting users generate individual reports from the client side in the future. I guess if the report is generated from the client, as soon as the download is complete I can refresh the form and the data is removed.

Many thanks for the reply.

If the report is shown on the client, then you do need to send data to the client.

If the report is generated in PDF, then you don’t. The form will ask the server to get the dictionaries from the uplink, generate the PDF on the server, and return the PDF to the form. The form will only get the PDF, not the dictionaries.
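
The flow described in the last reply, as an added example that is not part of the original thread or Anvil's own code: an Uplink script whose exposed function returns only a rendered report, so the database dictionaries never reach the browser. The sample rows, field names, `fetch_rows`, `get_report` and the `ANVIL_UPLINK_KEY` environment variable are assumptions, and plain text stands in for the PDF.

```python
import os

# Constructed sample rows standing in for the local Postgres query result.
SAMPLE_ROWS = [
    {"customer_id": 1, "name": "A. Example", "national_id": "ID-000-111", "balance": 120.5},
    {"customer_id": 2, "name": "B. Example", "national_id": "ID-000-222", "balance": 0.0},
]

# Allow-list: only these columns may appear in anything sent back to the form.
REPORT_FIELDS = ("name", "balance")


def fetch_rows(customer_id):
    """Hypothetical stand-in for the database query (use a parameterized SELECT)."""
    return [row for row in SAMPLE_ROWS if row["customer_id"] == customer_id]


def render_report(rows):
    """Render the allow-listed fields to text; a real PDF would be built here
    and returned wrapped in anvil.BlobMedia("application/pdf", pdf_bytes)."""
    lines = ["Report", "------"]
    for row in rows:
        lines.append(", ".join(f"{key}: {row[key]}" for key in REPORT_FIELDS))
    return "\n".join(lines)


def get_report(customer_id):
    """Function exposed over the Uplink. Browser code is untrusted and can call
    it with any arguments, so validate them here and return the report only."""
    if isinstance(customer_id, bool) or not isinstance(customer_id, int):
        raise ValueError("customer_id must be an integer")
    rows = fetch_rows(customer_id)
    if not rows:
        raise LookupError("no such customer")
    return render_report(rows)


if __name__ == "__main__":
    import anvil.server  # from the anvil-uplink package

    anvil.server.callable(get_report)  # register before connecting
    anvil.server.connect(os.environ["ANVIL_UPLINK_KEY"])  # key kept out of source
    anvil.server.wait_forever()
```

The form would then call `anvil.server.call('get_report', customer_id)` and receive the rendered report, never the rows themselves.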