How to deploy flask GUI web application only locally with exe file?

Question

I'd like to build a GUI for a few Python functions I've written that pull data from MS SQL Server. My boss wants me to share the magic of Python & SQL with the rest of the team, without them having to learn any coding.

I've decided to go down the route of using Flask to create a webapp and creating an executable file using pyinstaller. I'd like it to work similarly to Jupyter Notebook, where you click on the file and it opens the notebook in your browser.

I was able to hack together some code to get a working prototype of the GUI. The issue is I don't know how to deploy it. I need the GUI/Webapp to only run on the local computer for the user I sent the file to, and I don't want it accessible via the internet (because of proprietary company data, security issues, etc).

The only documentation I've been able to find for deploying Flask is going the routine route of a web server.

So the question is, can anyone provide any guidance on how to deploy my GUI WebApp so that it's only available to the user who has the file, and not on the world wide web?

Thank you!

Answer 1

So, a few assumptions-- since you're a business and you're rocking a SQLServer-- you likely have Active Directory, and the computers that you care to access this app are all hooked into that domain (so, in reality, you, or your system admin does have full control over those computers).

Also, the primary function of the app is to access a SQLServer to populate itself with data before doing something with that data. If you're deploying that app, I'm guessing you're probably also including the SQLServer login details along with it.

With that in mind, I would just serve the Flask app on the network on it's own machine (maybe even the SQLServer machine if you have the choice), and then either implement security within the app that feeds off AD to authenticate, or just have a simple user/pass authentication you can distribute to users. By default random computers online aren't going to be able to access that app unless you've set your firewalls to deliberately route WAN traffic to it.

That way, you control the Flask server-- updates only have to occur at one point, making development easier, and users simply have to open up a link in an email you send, or a shortcut you leave on their desktop.

Answer 2

Unfortunately, you do not have control over a give users computer.

You are using flask, so your application is a web application which will be exposing your data to some port. I believe the default flask port is 5000.

Regardless, if your user opens the given port in their firewall, and this is also open on whatever router you are connected to, then your application will be publicly visible.

There is nothing that you can do from your python application code to prevent this.

Having said all of that, if you are running on 5000, it is highly unlikely your user will have this port publicly exposed. If you are running on port 80 or 8080, then the chances are higher that you might be exposing something.

A follow up question would be where is the database your web app is connecting to? Is it also on your users machine? If not, and your web app can connect to it regardless of whose machine you run it on, I would be more concerned about your DB being publicly exposed.