I have a question about the security of sending sensitive data using a callable name.
Use case:
Multi-user application. Users must log in to use the application. After logging in, they can add any number of devices, and a unique key is generated for each device. This unique key must be entered on the device (Raspberry Pico) in order to be able to operate it using the application. Each user sees/operates only their devices via callable name:
DEVICE_UNIQUE_KEY = 'abc123'
@anvil.pico.callable('my_func' + DEVICE_UNIQUE_KEY, is_async=True)
async def my_func():
return 42
This is where the question of communication comes in. If the uplink communicates with only one device (the one that has the appropriate unique key) then it seems to be secure. However, if the uplink communicates with all devices (also devices of other users) and only the devices decide whether it is directed to them or not, then can such communication be intercepted and the unique key read?