hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-17 15:03:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add two short notes about db security

Browse Source
This commit is contained in:
Peter Parente
2016-11-12 11:49:17 -08:00
parent 0ffd53424d
commit f8a57eb7d9
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/source/getting-started.md
View File

@@ -90,7 +90,7 @@ By default, starting JupyterHub will write two files to disk in the current work
- `jupyterhub.sqlite` is the sqlite database containing all of the state of the **Hub**. - `jupyterhub.sqlite` is the sqlite database containing all of the state of the **Hub**.
This file allows the **Hub** to remember what users are running and where, This file allows the **Hub** to remember what users are running and where,
as well as other information enabling you to restart parts of JupyterHub separately. as well as other information enabling you to restart parts of JupyterHub separately. It is important to note that this database contains *no* sensitive information other than **Hub** usernames.
- `jupyterhub_cookie_secret` is the encryption key used for securing cookies. - `jupyterhub_cookie_secret` is the encryption key used for securing cookies.
This file needs to persist in order for restarting the Hub server to avoid invalidating cookies. This file needs to persist in order for restarting the Hub server to avoid invalidating cookies.
Conversely, deleting this file and restarting the server effectively invalidates all login cookies. Conversely, deleting this file and restarting the server effectively invalidates all login cookies.
@@ -236,6 +236,8 @@ security configuration:
2. Cookie secret (a key for encrypting browser cookies) 2. Cookie secret (a key for encrypting browser cookies)
3. Proxy authentication token (used for the Hub and other services to authenticate to the Proxy) 3. Proxy authentication token (used for the Hub and other services to authenticate to the Proxy)
*Note* that the **Hub** hashes all secrets (e.g., auth tokens) before storing them in its database. A loss of control over read-access to the database should have no security impact on your deployment.
### SSL encryption ### SSL encryption
Since JupyterHub includes authentication and allows arbitrary code execution, you should not run Since JupyterHub includes authentication and allows arbitrary code execution, you should not run
@@ -339,8 +341,6 @@ date.
A handy website for testing your deployment is A handy website for testing your deployment is
[Qualsys' SSL analyzer tool](https://www.ssllabs.com/ssltest/analyze.html). [Qualsys' SSL analyzer tool](https://www.ssllabs.com/ssltest/analyze.html).
## Authentication and users ## Authentication and users
The default Authenticator uses [PAM][] to authenticate system users with their username and password. The default Authenticator uses [PAM][] to authenticate system users with their username and password.