<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">re whitelisting, a possibly useful
model is what pythonanywhere does:<br>
<br>
<a class="moz-txt-link-freetext" href="https://www.pythonanywhere.com/wiki/403ForbiddenError">https://www.pythonanywhere.com/wiki/403ForbiddenError</a> (you can ask
for sites to be put on the whitelist)<br>
<a class="moz-txt-link-freetext" href="https://www.pythonanywhere.com/whitelist/">https://www.pythonanywhere.com/whitelist/</a> (sites free users can
access)<br>
<br>
-Raymond<br>
<br>
On 3/16/15 9:58 AM, William Stein wrote:<br>
</div>
<blockquote
cite="mid:CACLE5GC-hGqpzL8jzohOWNZyF-Jh7nxJVq=J8V9sfkuZZvE1VQ@mail.gmail.com"
type="cite"><br>
<br>
On Monday, March 16, 2015, MinRK <<a moz-do-not-send="true"
href="mailto:benjaminrk@gmail.com">benjaminrk@gmail.com</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">tmpnb (<a moz-do-not-send="true"
href="http://try.jupyter.org" target="_blank">try.jupyter.org</a>)
takes a similar, if more restrictive, approach to
SageMathCloud. User containers simply have no network access.
We should probably adopt a strict whitelist of services like
William has done.
<div><br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>Do people complain?<span></span></div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>-MinRK</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Mar 16, 2015 at 8:14 AM,
William Stein <span dir="ltr"><<a moz-do-not-send="true"
href="javascript:_e(%7B%7D,'cvml','wstein@gmail.com');"
target="_blank">wstein@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>On Mon, Mar 16, 2015 at 6:55 AM, Robert Alexander<br>
<<a moz-do-not-send="true"
href="javascript:_e(%7B%7D,'cvml','roalexan@microsoft.com');"
target="_blank">roalexan@microsoft.com</a>>
wrote:<br>
> Do people have any advice/experience on how to
prevent spam, ddos, etc. from<br>
> users' IPython notebooks? Since arbitrary Python
code is what IPython<br>
> notebook is all about (see:<br>
> <a moz-do-not-send="true"
href="http://ipython.org/ipython-doc/dev/notebook/security.html"
target="_blank">http://ipython.org/ipython-doc/dev/notebook/security.html</a>),
this might be<br>
> difficult to achieve.<br>
<br>
</div>
</div>
For SageMathCloud (<a moz-do-not-send="true"
href="https://cloud.sagemath.com" target="_blank">https://cloud.sagemath.com</a>),
which hosts IPython<br>
notebook servers, by default I use a firewall to disable
most outside<br>
network access by default.  Users can write to me to
explain what they<br>
are doing and request network access.<br>
<br>
Last year I was having fairly regular problems with people
using<br>
SageMathCloud to launch hacking attacks against targets,
which<br>
resulted in complaints from those targets. I also had
problems with<br>
people downloading content, e.g., from MathSciNet, which
violated<br>
their terms of usage (this was an unintentional mistake by
a grad<br>
student). Basically, SageMathCloud would regularly get
flagged by<br>
University of Washington Netops.  Once I set up a firewall
with a small<br>
*whitelist* (including, e.g., github), I haven't had one
single<br>
problem like this.<br>
<br>
-- William<br>
<br>
><br>
><br>
> _______________________________________________<br>
> IPython-dev mailing list<br>
> <a moz-do-not-send="true"
href="javascript:_e(%7B%7D,'cvml','IPython-dev@scipy.org');"
target="_blank">IPython-dev@scipy.org</a><br>
> <a moz-do-not-send="true"
href="http://mail.scipy.org/mailman/listinfo/ipython-dev"
target="_blank">http://mail.scipy.org/mailman/listinfo/ipython-dev</a><br>
><br>
<span><font color="#888888"><br>
<br>
<br>
--<br>
William (<a moz-do-not-send="true"
href="http://wstein.org" target="_blank">http://wstein.org</a>)<br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
-- <br>
William (<a moz-do-not-send="true" href="http://wstein.org"
target="_blank">http://wstein.org</a>)<br>
<br>
</blockquote>
<br>
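<div>The default-deny firewall with a small whitelist that William describes, sketched as an added example (not code from this thread, SageMathCloud or tmpnb): a shell function that prints, rather than applies, iptables rules restricting one notebook user's outbound traffic. Assumptions: notebooks run under a dedicated UID, the chain name NB_EGRESS_&lt;uid&gt; is hypothetical, and the allowlist addresses are RFC 5737 documentation ranges standing in for real services.</div>

```shell
#!/bin/sh
# Added example: emit (not apply) default-deny egress rules for one notebook user.
# Assumptions: notebook processes run under a dedicated UID; allowlist entries
# are "CIDR:port" pairs for TCP services. The addresses below are RFC 5737
# documentation ranges, constructed placeholders and not any real service.

ALLOWLIST="192.0.2.10/32:443 198.51.100.0/24:443 198.51.100.0/24:22"

# Accept only dotted-quad/prefix:port, so a hostname never reaches the rule set.
valid_entry() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2]):[0-9]{1,5}$'
}

# egress_rules UID ENTRY...  prints iptables commands; returns 1 on bad input
# and prints nothing, so a half-built rule set is never emitted.
egress_rules() {
    uid=$1; shift
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    for e in "$@"; do
        valid_entry "$e" || { echo "bad entry: $e" >&2; return 1; }
    done
    chain="NB_EGRESS_$uid"
    echo "iptables -N $chain"
    # Replies on connections that were already permitted
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Loopback, so the notebook server can reach its own kernels
    echo "iptables -A $chain -o lo -j ACCEPT"
    # One ACCEPT per allowlisted destination and port
    for e in "$@"; do
        dst=${e%:*}; port=${e##*:}
        echo "iptables -A $chain -d $dst -p tcp --dport $port -j ACCEPT"
    done
    # Everything else from this user is logged, then refused
    echo "iptables -A $chain -j LOG --log-prefix nb-egress-deny:"
    echo "iptables -A $chain -j REJECT --reject-with icmp-admin-prohibited"
    # Attach last: only traffic generated by the notebook UID enters the chain
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j $chain"
}

# Print the rule set for a constructed UID so it can be reviewed before use.
egress_rules 1500 $ALLOWLIST
```

<div>Hostnames are refused on purpose: iptables resolves a name once, when the rule is inserted, so a service such as github has to be listed by address range and refreshed when those ranges change. The LOG rule gives the operator a record of denied destinations to weigh when a user asks for a site to be added.</div>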
</body>
</html>