[IPython-dev] ipython html notebook server on dotcloud

[Carl Smith]

Hi Shoibal

On 5 September 2012 14:09, Shoibal Chakravarty <shoibalc at gmail.com> wrote:
> I am still concerned about security implications of the notebook server.
> Ideally, I would like  the following:
>
> 1. Let anybody login with a login/passwd or the various authentication
> services.

IPython Notebook web servers can, and normally would, use password
protection, but this is a single password for that server. You can't
do anything more fine-grained at the moment. It's fundamentally a
single user system, but I know the developers are deeply engaged in
adding support for multiple users in the near future, and this will
obviously need to be secure. It's a major todo, but there's a lot of
considerations, so it'll take a lot of work to get it right.

> 2. Give them a secure walled-in temporary directory to work in, with
> restricted shell function access.

There was some discussion on this list about that kind of thing. I
think Julian Taylor had some good ideas along these lines. There's a
lot of interest in these types of uses, but they all depend on
crippling IPython, which is a tricky thing to do well.

> 3. Limit resources they use (memory, CPU load etc) and automatically log
> them out if the violate this.
> 4. Limit sessions to xx minutes.

I think this would have to be done by the PaaS provider, else users
could just hack the loggers. I'm not sure, but I'd imagine that kind
of feature would necessarily be external to IPython.

Sorry I can't be more help. I expect someone from IPython Dev will be
along soon enough, and be a bit more helpful than I've been. All the
best with this though Shoibal. It's a good area for exploration, and
you can almost always get IPython to do what you want with a little
imagination.

Carl