Sensitive data in hidden div


My app does this:

  • Dash Basic authentication step
  • loading data from a local file into a hidden div when building the layout
  • inside a callback, it retrieves which user is loggued in (it looks like I can only do that inside a callback) and then blind specific data. The blinding strategy is user based, i.e. I must know who’s loggued in.
  • Callback outputs a dash table with the blinded data, that the user can see.

Here are my questions:

  1. Is there a way (through Development Tools in Chrome for example or any other way) for anyone to see the unblinded sensitive data in the hidden div? Where would that be?

  2. Bonus question: I wish I could blind the data before storing in the hidden div (so the callback doesn’t have to re-apply the same blinding for the same user again and again). What could be a strategy?

Many thanks for your answers !

Kind regards,

  1. Yes, that’s easy. As you note yourself, one approach would be via the Development Tools in Chrome. Just browse the elements until you hit the div with the sensitive data.

  2. If the data are sensitive, you should never transmit them to the client. Hence you should filter the data in the callback and return only the filtered data.