[IPython-dev] Using IPython notebooks to teach Python

Matthias Bussonnier bussonniermatthias at gmail.com
Thu Aug 28 05:07:37 EDT 2014 

Hi, 

Please have a look at 
    https://github.com/jupyter/jupyterhub
and
    https://github.com/jupyter/configurable-http-proxy


This is what will be used for IPython multi-user.

Le 28 août 2014 à 09:05, Sébastien Hinderer <Sebastien.Hinderer at inria.fr> a écrit :

> Dear all,
> 
> First of all, let me thank all those who have provided so useful
> responses to the question about setting up a multi-user notebook server.
> 
> Basically, we will do it as all of you seem to have done it: creating a
> Unix account for each user so that security relies on Unix permissions.
> Technically, we will write our own scripts but they will definitely
> devrive from existing work, so thanks again for having provided
> valuable resources.
> 
> One issue I'm curious about and that did not seem to be addressed in the
> resources I explored is the termination of webserver and
> kernel processes. Since we develop the solution in the context of a
> MOOC, there is the possibility of having plenty of users. So, letting
> all the processes run forever does not seem an option. There is
> indeed a limit in how many processes can run simultaneously on a system
> and, perhaps even more importantly, the number of available TCP ports is
> even smaller than that. Of course, the transpor beween web servers and
> kernels can be set-up to use Unix local sockets, but the webservs will
> all need a different port so if they are kept alive that means a limit
> on the number of users.
> 
> Perhaps one possibility here would be to have a web server running in
> front and redirecting connections to the notebook severs, based on a URL
> prefix or a similar solution. Not sure whether/ how this can be
> implemented, though.

This is what above link do. 


> Another suggestion, regarding IPython 3.0, would be to provide
> configuration parameters to let a kernel and a web server stop after
> some given idle time, or something like that.


Probably not. 
as you are in control of the server/proxy, you can have a 
deamon that monitor the connexion and send the rest command
 to shutdown with the logic you like. 

It will be much more reliable and flexible than baking in all the imaginable logic in IPython.

> Any comment on this aspect will of course be welcome!


We will be happy to get help on the developpement of this, 
The current funding of IPython is (as far as I know) coming to 
an end at the end of this year, so  we cannot promise that things 
will continue to move fast in the future. 

If your MOOC as a lot of audience and you use IPython/Python a lot, 
please consider proposing your hierarchy to give something to Python community. 

Be aware that isolating user on the server-side using container or alike is 
not the hard part of the security issue in using IPython.
The hard part is on the browser side. 

To anyone that say that container are used on server-side for security, 
be aware that what you say is equivalent to say :

	«  The server of your bank is in a vault with 5 ton door, of course you can 
	 send plain text email with your credit card number to any people that claim 
         to be the server, no one can access this server »

The risk is js injection in the browser, if it is a MOOC, steeling credential, replaying cookie auth,
CORS on web socket, and so on and so forth. 
— 
M


> 
> Bes wishes,
> Sébastien.
> 
> 
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140828/cdf84048/attachment.html>

More information about the IPython-dev mailing list