Sensitive data in hidden div

Hello,

My app does this:

  • Dash Basic authentication step
  • loading data from a local file into a hidden div when building the layout
  • inside a callback, it retrieves which user is logged in (it looks like I can only do that inside a callback) and then blinds specific data. The blinding strategy is user based, i.e. I must know who’s logged in.
  • Callback outputs a dash table with the blinded data, that the user can see.

Here are my questions:

  1. Is there a way (through Development Tools in Chrome for example or any other way) for anyone to see the unblinded sensitive data in the hidden div? Where would that be?

  2. Bonus question: I wish I could blind the data before storing in the hidden div (so the callback doesn’t have to re-apply the same blinding for the same user again and again). What could be a strategy?

Many thanks for your answers!

Kind regards,
Nicolas

  1. Yes, that’s easy. As you note yourself, one approach would be via the Development Tools in Chrome. Just browse the elements until you hit the div with the sensitive data.

  2. If the data are sensitive, you should never transmit them to the client. Hence you should filter the data in the callback and return only the filtered data.
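
One way to do what the answer describes while also covering the bonus question, as an added example that is not part of the original thread: the raw data stays in server memory, each user's blinded view is computed once and cached, and only that view is returned to the browser. The records, user names, blinding policy, component ids and the `flask.request.authorization.username` lookup in the comment are assumptions for illustration.

```python
from functools import lru_cache

# Constructed sample standing in for the local file. It is loaded once into
# server memory and never placed in the layout (no hidden div, no dcc.Store).
RECORDS = (
    {"patient": "P-001", "site": "Lyon", "arm": "treatment", "score": 7.1},
    {"patient": "P-002", "site": "Nice", "arm": "placebo", "score": 5.4},
)
ALL_COLUMNS = frozenset(RECORDS[0])
MASK = "***"

# Hypothetical policy: columns each authenticated user must not see.
BLINDED_COLUMNS = {
    "alice": frozenset({"arm"}),
    "bob": frozenset({"arm", "site"}),
}


@lru_cache(maxsize=128)
def blinded_rows(username):
    """Blind once per user; repeat callbacks for that user hit the cache.

    A user with no policy entry gets every column masked (fail closed).
    """
    hidden = BLINDED_COLUMNS.get(username, ALL_COLUMNS)
    return tuple(
        tuple((col, MASK if col in hidden else val) for col, val in row.items())
        for row in RECORDS
    )


def table_data(username):
    """Rows in the list-of-dicts shape a Dash DataTable takes as `data`."""
    return [dict(row) for row in blinded_rows(username)]


# Wiring inside the app (assumed component ids, not run here):
#
#   @app.callback(Output("table", "data"), Input("refresh", "n_clicks"))
#   def fill_table(_):
#       return table_data(flask.request.authorization.username)

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, table_data(user))
```

The cache lives in each worker process, so call `blinded_rows.cache_clear()` whenever the file is reloaded or the policy changes.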