[IPython-dev] pyzmq authentication
Jason Grout
jason-sage at creativetrax.com
Wed Jun 1 09:40:31 EDT 2011
On 5/31/11 1:45 PM, MinRK wrote:
> On Tue, May 31, 2011 at 11:13, Jason Grout<jason-sage at creativetrax.com> wrote:
>> On 5/31/11 12:57 PM, MinRK wrote:
>>>
>>> We did briefly have an encrypted socket, but the zeromq community
>>> rightly opposed that rather vehemently, largely because we aren't
>>> security experts, and the illusion of security provided by a poor
>>> implementation is really *less* secure than having no security at all.
>>>
>>> Our answer with IPython is that SSH provides our security. Typically
>>> the Controller listens on localhost, and the best way to connect to it
>>> from another machine is with an SSH tunnel (IPython does help create
>>> the tunnels) rather than listening on a public port. We do provide a
>>> small level of additional security by including an authentication key
>>> in all messages that is checked when receiving to determine if the
>>> sender is authorized to make a request.
>>
>> If I understand things correctly, if I have several frontends running code
>> on a single backend server (with multiple kernels---the sage notebook is my
>> usecase), then untrusted code from any of the kernels could connect to and
>> mess with the other sessions, right? Is it correct to say that any user
>> could connect with any kernel running on the same server?
>
> Oh, you are talking about the *non* parallel kernel. Yes, that code
> has exactly zero security - anyone with access to the sockets can
> execute arbitrary code. We really do need to replace
> IPython.zmq.session with the one in the parallel code which does
> include simple key checking, which should be per-kernel (or
> per-cluster in the parallel code).
I think simple key-checking is what I was talking about. Do you mean
something equivalent to the Authentication Keys section of the
multiprocessing module docs [1]? Basically, I pass in a shared secret
as an argument when I start the kernel, and then the pyzmq connection is
authenticated with this secret without transmitting the secret.
Thanks,
Jason
[1] http://docs.python.org/dev/library/multiprocessing#authentication-keys
More information about the IPython-dev
mailing list