[IPython-dev] ipython html notebook server on dotcloud
Jason Grout
jason-sage at creativetrax.com
Wed Sep 5 10:26:26 EDT 2012
On 9/5/12 8:09 AM, Shoibal Chakravarty wrote:
> 1. Let anybody login with a login/passwd or the various authentication
> services.
> 2. Give them a secure walled-in temporary directory to work in, with
> restricted shell function access.
> 3. Limit resources they use (memory, CPU load etc) and automatically log
> them out if the violate this.
> 4. Limit sessions to xx minutes.
> 5. Set up a parallel database service for authentication and to let
> users save their notebooks etc. (eg, MongoDB uses json as storage)
>
> Which of these would be easily feasible? Especially point 2. Sage seems
> to create (and later destroy) a temporary working directory for each
> cell and severely limits shell access. One directory per login with
> limited outside access might be better.
It's certainly a difficult problem, since you are basically giving them
shell access. I think it boils down to having a very restricted user
account, quotas, and making sure there aren't, for example,
world-writable files anywhere. All inside of some sort of VM that is
easy to reset to a known good state.
You're right about Sage's approach. There are several efforts to make
things more secure and scalable now, including the Sage Cell Server
which relies on the IPython infrastructure. Let me know if you want
more details.
Thanks,
Jason
More information about the IPython-dev
mailing list