Reword based on @minrk's review

This commit is contained in:
Carol Willing
2017-07-21 11:47:24 -07:00
parent 9c21cf4c62
commit be62b1b9df


@@ -58,8 +58,8 @@ If any additional services are run on the same domain as the Hub, the services
## Mitigate security issues ## Mitigate security issues
There are two main approaches to mitigating these issues with configuration Several approaches to mitigating these issues with configuration
options provided by JupyterHub. options provided by JupyterHub include:
### Enable subdomains ### Enable subdomains
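Review bot: The reworded intro now ends with "include:", but what follows is a `###` heading rather than a list, so the colon introduces nothing. Either end the sentence with a period or follow it with a short bullet list naming the approaches (enable subdomains, disable user config, prevent shell config evaluation, isolate packages) that the sections below expand on. "Several" is also vaguer than the old "two main approaches"; if the count is deliberately dropped, the bullet list would make the scope explicit again.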
@@ -74,12 +74,7 @@ institutional domains, wildcard DNS and SSL are not available. **If you do plan
to serve untrusted users, enabling subdomains is highly encouraged**, as it to serve untrusted users, enabling subdomains is highly encouraged**, as it
resolves the cross-site issues. resolves the cross-site issues.
### Unavailable subdomains ### Disable user config
When subdomains are not available or not desirable, three steps can be taken
to secure JupyterHub from untrusted users.
#### Disable user config
If subdomains are not available or not desirable, JupyterHub provides a a If subdomains are not available or not desirable, JupyterHub provides a a
configuration option `Spawner.disable_user_config`, which can be set to prevent configuration option `Spawner.disable_user_config`, which can be set to prevent
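Review bot: Removing the "Unavailable subdomains" parent section and its "three steps can be taken" sentence drops the statement that the following measures belong together as the fallback when subdomains cannot be used. With "Disable user config" promoted to a peer of "Enable subdomains", only this first paragraph still says "If subdomains are not available or not desirable", and an admin could read each later section as an independent, optional choice. Consider keeping one sentence here saying that all of the following steps are needed together when subdomains are not enabled. Since this paragraph is being touched anyway, the duplicated article in "provides a a configuration option" can be fixed in the same commit.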
@@ -87,16 +82,17 @@ the user-owned configuration files from being loaded. After implementing this
option, PATHs and package installation and PATHs are the other things that the option, PATHs and package installation and PATHs are the other things that the
admin must enforce. admin must enforce.
#### Prevent spawners from evaluating shell configuration files ### Prevent spawners from evaluating shell configuration files
For most Spawners, `PATH` is not something users can influence, but care should For most Spawners, `PATH` is not something users can influence, but care should
be taken to ensure that the Spawner does *not* evaluate shell configuration be taken to ensure that the Spawner does *not* evaluate shell configuration
files prior to launching the server. files prior to launching the server.
#### Isolate packages using virtualenv ### Isolate packages using virtualenv
Package isolation is most easily handled by running the single-user server in Package isolation is most easily handled by running the single-user server in
a virtualenv with disabled system-site-packages. a virtualenv with disabled system-site-packages. The user should not have
permission to install packages into this environment.
It is important to note that the control over the environment only affects the It is important to note that the control over the environment only affects the
single-user server, and not the environment(s) in which the user's kernel(s) single-user server, and not the environment(s) in which the user's kernel(s)
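Review bot: The sentence added at the end of "Isolate packages using virtualenv" ("The user should not have permission to install packages into this environment.") states the requirement but not how an admin meets it. Suggest saying concretely that the virtualenv must not be writable by the user account the single-user server runs as, so the isolation cannot be undone from inside a session. Separately, the context sentence at the top of this hunk still reads "PATHs and package installation and PATHs are the other things", which repeats "PATHs"; with the headings now flattened to `###`, that sentence is the only text tying the next two sections to `Spawner.disable_user_config`, so it is worth cleaning up in this rewording pass.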