[Azure OpenAI Connector] Possible security concern
Reactive icon
Forge component by Platform Maintenance
Application Type


We are starting to use this component as a PoC for a mobile app. We are not using the public OpenAI services but our own Azure hosted OpenAI services. This works but has lead me to some security concerns.

The component currently is client based and needs the security details to communicate with OpenAI. This means that I need to provide these details either hard-coded or via a data action (I do the latter since we have around 20 OpenAI services running that we round-robin between). But by providing these details I open ourselves to interception of these details (since the client is insecure by definition) and this is something that I do not want.

So a possible solution would be to have a "proxy" that is running on the backend. This proxy gets the details, requests the information and relays the answer (preferably by stream) to the client. Is this something that is possible to implement? 

Note that these OpenAI services will be learning about our IP in the (hopefully) near future and this will then be a really big issue for us. 



Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.