secure password handling in RShiny & RConnect

Hello,

we were approached by one of our data scientist with the following scenario and questions. We hope you can help us to solve his problems.

The idea is to create a Shiny app as a frontend for a different application. The other application is password-protected and loads user-specific content. Thus, it is necessary for the Shiny app to be able to send username and password of the person currently using it to the other application.

The easiest way is to ask the user for his credentials – but in the documentation of passwordInput Shiny - Create a password input control — passwordInput we didn’t find any way around storing the password. It will always be stored in input$ because of the way these input patterns are designed in RShiny. We are in contact with our QA and Compliance departments, but don’t think that this is a good idea to use.

We also thought about using a different user authentication on our Connect server that would allow this. We are currently using LDAP.

Can you think of any way of how to utilise the user’s credentials when he’s logged in to Connect and running the app, without any need to store the password in our app?
We are glad for hints and ideas or best practices or whatever you can provide us with.
Thank you in advance!
Anja Summa

Can your backend application work with Kerberos tickets? In that case you could switch to PAM authentication and use credential caching together with current user execution.

Hi Ralf,
thank you for your answer. We are currently evaluating this possibility. I'll get back when there is news.