search

kasnerz / factgenie

A Toolkit for Annotating and Visualizing LLM Hallucinations
MIT License
1 stars 0 forks source link

Prevent users from accessing other pages #19

Open kasnerz opened 2 weeks ago

kasnerz commented 2 weeks ago

We have currently no good way to prevent the annotators from accessing other pages in our app, including the page for managing the annotation campaigns.

Besides guessing the URLs of individual pages, the annotators can simply guess that there is an index page (/) and proceed from there 😅

The only this we have currently are two flags in the config.yml file: allow_annotate and allow_browse. If both flags are set to false, the pages in question will become inaccessible - unfortunately, both for the users and for the researchers.

The simplest workaround would be setting a password in the config.yml file and requring this password in the URL parameters, at least as long as the annotation is running.

A better way would be to have something like user accounts and use cookies so that we do not need to send the password in plaintext.

oplatek commented 1 week ago

Inspiration https://blog.luisrei.com/articles/flaskrest.html