[IPython-dev] how to prevent spam, ddos, etc. from IPython notebooks
William Stein
wstein at gmail.com
Mon Mar 16 13:32:14 EDT 2015
On Monday, March 16, 2015, MinRK <benjaminrk at gmail.com> wrote:
>
>
> On Mon, Mar 16, 2015 at 10:58 AM, William Stein <wstein at gmail.com
> <javascript:_e(%7B%7D,'cvml','wstein at gmail.com');>> wrote:
>
>>
>>
>> On Monday, March 16, 2015, MinRK <benjaminrk at gmail.com
>> <javascript:_e(%7B%7D,'cvml','benjaminrk at gmail.com');>> wrote:
>>
>>> tmpnb (try.jupyter.org) takes a similar, if more restrictive, approach
>>> to SageMathCloud. User containers simply have no network access. We should
>>> probably adopt a strict whitelist of services like William has done.
>>>
>>>
>> Do people complain?
>>
>
> I think we've had a question or two, but not much that I'm aware of.
> Unlike SMC, try.jupyter is really for doing quick demos of the notebook
> itself, not a hosted place to do actual work, which I think results in a
> big difference in expectations of what should be possible or allowed. The
> network lockdown emphasizes that, as does the ephemeral nature of the
> containers.
>
I just looked around the try.jupyter site (on a tablet) and couldn't even
find an email or feedback link. So that might slightly reduce the amount of
feedback you get.
>
> -MinRK
>
>
>>
>>
>>> -MinRK
>>>
>>> On Mon, Mar 16, 2015 at 8:14 AM, William Stein <wstein at gmail.com> wrote:
>>>
>>>> On Mon, Mar 16, 2015 at 6:55 AM, Robert Alexander
>>>> <roalexan at microsoft.com> wrote:
>>>> > Do people have any advice/experience on how to prevent spam, ddos,
>>>> etc. from
>>>> > users' IPython notebooks? Since arbitrary Python code is what IPython
>>>> > notebook is all about (see:
>>>> > http://ipython.org/ipython-doc/dev/notebook/security.html), this
>>>> might be
>>>> > difficult to achieve.
>>>>
>>>> For SageMathCloud (https://cloud.sagemath.com), which hosts IPython
>>>> notebook servers, by default I use a firewall to disable most outside
>>>> network access by default. Uses can write to me to explain what they
>>>> are doing and request network access.
>>>>
>>>> Last year I was having fairly regular problems with people using
>>>> SageMathCloud to launch hacking attacks against targets, which
>>>> resulted in complaints from those targets. I also had problems with
>>>> people downloading content, e.g., from MathSciNet, which violated
>>>> their terms of usage (this was an unintentional mistake by a grad
>>>> student). Basically, SageMathCloud would regularly get flagged by
>>>> University of Washington Netops. Once I setup a firewall with a small
>>>> *whitelist* (including, e.g., github), I haven't had one single
>>>> problem like this.
>>>>
>>>> -- William
>>>>
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > IPython-dev mailing list
>>>> > IPython-dev at scipy.org
>>>> > http://mail.scipy.org/mailman/listinfo/ipython-dev
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> William (http://wstein.org)
>>>> _______________________________________________
>>>> IPython-dev mailing list
>>>> IPython-dev at scipy.org
>>>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>>>>
>>>
>>>
>>
>> --
>> William (http://wstein.org)
>>
>> _______________________________________________
>> IPython-dev mailing list
>> IPython-dev at scipy.org
>> <javascript:_e(%7B%7D,'cvml','IPython-dev at scipy.org');>
>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>>
>>
>
--
William (http://wstein.org)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20150316/5b603772/attachment.html>
More information about the IPython-dev
mailing list