hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 15:33:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

updated websecirity.md

Browse Source 
I have the grammatical errors written on the page such as improving the abbreviated words with apostrophes and other typos
This commit is contained in:
Arafat Abdussalam
2022-10-11 07:21:19 +01:00
committed by GitHub
parent c126cc3f9b
commit b87b8c52d3
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/source/reference/websecurity.md
View File

@@ -5,18 +5,18 @@ The **Security Overview** section helps you learn about:
- the design of JupyterHub with respect to web security - the design of JupyterHub with respect to web security
- the semi-trusted user - the semi-trusted user
- the available mitigations to protect untrusted users from each other - the available mitigations to protect untrusted users from each other
- the value of periodic security audits. - the value of periodic security audits
This overview also helps you obtain a deeper understanding of how JupyterHub This overview also helps you obtain a deeper understanding of how JupyterHub
works. works.
## Semi-trusted and untrusted users ## Semi-trusted and Untrusted Users
JupyterHub is designed to be a _simple multi-user server for modestly sized JupyterHub is designed to be a _simple multi-user server for modestly sized
groups_ of **semi-trusted** users. While the design reflects serving semi-trusted groups_ of **semi-trusted** users. While the design reflects serving semi-trusted
users, JupyterHub is not necessarily unsuitable for serving **untrusted** users. users, JupyterHub is not necessarily unsuitable for serving **untrusted** users.
Using JupyterHub with **untrusted** users does mean more work by the Using JupyterHub with **untrusted** users entails more work by the
administrator. Much care is required to secure a Hub, with extra caution on administrator. Much care is required to secure a Hub, with extra caution on
protecting users from each other as the Hub is serving untrusted users. protecting users from each other as the Hub is serving untrusted users.
@@ -32,7 +32,7 @@ servers) as a single website (i.e. single domain).
To protect users from each other, a user must **never** be able to write arbitrary To protect users from each other, a user must **never** be able to write arbitrary
HTML and serve it to another user on the Hub's domain. JupyterHub's HTML and serve it to another user on the Hub's domain. JupyterHub's
authentication setup prevents a user writing arbitrary HTML and serving it to authentication setup prevents a user from writing arbitrary HTML and serving it to
another user because only the owner of a given single-user notebook server is another user because only the owner of a given single-user notebook server is
allowed to view user-authored pages served by the given single-user notebook allowed to view user-authored pages served by the given single-user notebook
server. server.
@@ -41,7 +41,7 @@ To protect all users from each other, JupyterHub administrators must
ensure that: ensure that:
- A user **does not have permission** to modify their single-user notebook server, - A user **does not have permission** to modify their single-user notebook server,
including: as well as:
- A user **may not** install new packages in the Python environment that runs - A user **may not** install new packages in the Python environment that runs
their single-user server. their single-user server.
- If the `PATH` is used to resolve the single-user executable (instead of - If the `PATH` is used to resolve the single-user executable (instead of
@@ -101,8 +101,8 @@ pose additional risk to the web application's security.
### Encrypt internal connections with SSL/TLS ### Encrypt internal connections with SSL/TLS
By default, all communication on the server, between the proxy, hub, and single By default, all communications on the server, between the proxy, hub, and single
-user notebooks is performed unencrypted. Setting the `internal_ssl` flag in -user notebooks are performed unencrypted. Setting the `internal_ssl` flag in
`jupyterhub_config.py` secures the aforementioned routes. Turning this `jupyterhub_config.py` secures the aforementioned routes. Turning this
feature on does require that the enabled `Spawner` can use the certificates feature on does require that the enabled `Spawner` can use the certificates
generated by the `Hub` (the default `LocalProcessSpawner` can, for instance). generated by the `Hub` (the default `LocalProcessSpawner` can, for instance).
@@ -118,7 +118,7 @@ extend to securing the `tcp` sockets as well.
## Security audits ## Security audits
We recommend that you do periodic reviews of your deployment's security. It's We recommend that you do periodic reviews of your deployment's security. It is
good practice to keep JupyterHub, configurable-http-proxy, and nodejs good practice to keep JupyterHub, configurable-http-proxy, and nodejs
versions up to date. versions up to date.
@@ -129,7 +129,7 @@ A handy website for testing your deployment is
## Vulnerability reporting ## Vulnerability reporting
If you believe youve found a security vulnerability in JupyterHub, or any If you believe you have found a security vulnerability in JupyterHub, or any
Jupyter project, please report it to Jupyter project, please report it to
[security@ipython.org](mailto:security@ipython.org). If you prefer to encrypt [security@ipython.org](mailto:security@ipython.org). If you prefer to encrypt
your security reports, you can use [this PGP public your security reports, you can use [this PGP public