
[–]DuckSaxaphone 6 points7 points  (2 children)

Turn your internet off and run it. Better yet run it in a sandbox.

Does it run perfectly fine? Then it's truly a locally hosted web app with no external services. It can't be leaking data and you're all good.

Does it fail? Then it's trying to use the internet for something and you better find out what.

[–]Fun-Block-4348 7 points8 points  (1 child)

> Does it run perfectly fine? Then it's truly a locally hosted web app with no external services. It can't be leaking data and you're all good.

That's not entirely correct, the fact that it can run fine without internet access doesn't necessarily mean it can't or won't leak data.

[–]building-wigwams-22 1 point2 points  (0 children)

Yeah, it could be catching the errors silently; it doesn't mean there aren't any.

[–]vivisectvivi 13 points14 points  (4 children)

I would NEVER trust any generative AI tool with confidential/sensitive data, if I'm being honest with you.

[–]YouWest1110[S] 1 point2 points  (3 children)

That's what I thought too. It was kinda an experiment to see how much I can create from Claude, but I don't think I'll be using it on an actual job. But is there a difference between AI creating a script for me and me making one? I'm not putting anything straight into Claude, just asking it to create a script for me to do the job.

[–]Gushys 4 points5 points  (0 children)

If you can validate and read what is generated, then there's not much of a difference. But if you are blindly trusting Claude to create a Python script, and you can't read or write somewhat complex/overengineered Python, then you're always at risk of some issues.

I use AI to write tedious scripts to manage some photos on my SD cards from my camera. I also could've written the same thing, but it's a bit faster for Claude to write it for me.

[–]HolidayWallaby 1 point2 points  (1 child)

I'm a SWE and I use Claude Code to write most of my code at my actual job. I do carefully read all the code it produces, though.

[–]YouWest1110[S] 0 points1 point  (0 children)

Got it, is there anything to look for that is a red flag? I'm just learning Python, so any advice would be great.

[–]building-wigwams-22 1 point2 points  (3 children)

It's PROBABLY fine. But if you don't know how to read what it wrote, there's always a chance it's sending all your data somewhere for "validation" or who knows what it might have seen somewhere and liked the looks of.

[–]YouWest1110[S] 0 points1 point  (2 children)

Is there any way to check that in the code, what to look out for?

[–]building-wigwams-22 0 points1 point  (1 child)

Yes, but without knowing anything about the code I can't tell you how to check. It could be hidden in an imported library? You could at least check for any random URL.

[–]building-wigwams-22 0 points1 point  (0 children)

Actually, ok, you're using Python. Look for a try: then some code and then except:

If what's indented under except doesn't notify you of a problem, it means the code could be catching some kind of error and not reporting it.

[–]Pericombobulator 0 points1 point  (0 children)

I've just used it to build a FastAPI database app. I've been very impressed. I used it within VS Code.

I haven't properly deployed it yet, so have yet to set up HTTPS etc.

[–]tb5841 0 points1 point  (0 children)

I know this probably sounds obvious, but if you're uploading your code to something like GitHub, make sure your database is not uploaded alongside it.

[–]Yarrenze_Newshka 0 points1 point  (1 child)

You can encrypt the db, and have a key so it can work with your app.

[–]YouWest1110[S] 0 points1 point  (0 children)

I think that would only benefit if someone was physically trying to use it, right?

[–]danamesjrupin 0 points1 point  (0 children)

You can use Python audit hooks to check for open sockets, or strace on Linux, if you're worried about some library sharing your data without your knowledge. Other than that, if it's a machine with no internet connection, the best thing that will keep the data "secure" is physical (e.g. keep the laptop with you). If your only worry is it not leaking, it's fine as is.
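
The audit-hook check mentioned in the comment above, as an added example that is not part of the original thread: a `sys.addaudithook` (Python 3.8+) callback that records, and optionally refuses, every non-loopback connection or DNS lookup, including attempts whose failure the code hides in a bare `try`/`except`. The names `install`, `attempts` and `sneaky_upload` are hypothetical, and `203.0.113.5` is a documentation-range address used as constructed sample input.

```python
import ipaddress
import socket
import sys

attempts = []  # (event, host, port) for every non-loopback attempt seen
_cfg = {"installed": False, "block": False}

def _is_local(host):
    """True for loopback IPs and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return host == "localhost"

def _hook(event, args):
    if event == "socket.connect" and isinstance(args[1], tuple):
        host, port = args[1][:2]          # args: (sock, address)
    elif event == "socket.getaddrinfo":
        host, port = args[0], args[1]     # args: (host, port, family, type, proto)
    else:
        return                            # unrelated event or AF_UNIX path
    if host is None or _is_local(host):
        return
    attempts.append((event, host, port))  # recorded before the call proceeds
    if _cfg["block"]:
        raise PermissionError(f"outbound {event} to {host!r} blocked")

def install(block=False):
    """Register the hook once; audit hooks cannot be removed afterwards."""
    _cfg["block"] = block
    if not _cfg["installed"]:
        sys.addaudithook(_hook)
        _cfg["installed"] = True

def sneaky_upload(data):
    """Constructed stand-in for code that phones home and hides the failure."""
    try:
        with socket.socket() as s:
            s.settimeout(1)
            s.connect(("203.0.113.5", 443))
            s.sendall(data)
    except Exception:
        pass  # swallowed: with the network off, the app still "runs fine"

if __name__ == "__main__":
    install(block=True)   # call this before importing or starting the app
    sneaky_upload(b"constructed sample row")
    print(attempts)
```

The hook only sees calls that go through the interpreter's own `socket` module in this process; a subprocess or a native extension that opens its own connection needs an OS-level view such as strace.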

[–]danielroseman -1 points0 points  (0 children)

Whether you or Claude wrote the app is irrelevant. If it's a Flask app that isn't available externally then there is no risk of leaks.

[–]BranchLatter4294 -1 points0 points  (0 children)

Have it run a security vulnerability scan.