[IPython-User] Help troubleshooting notebook as public server

Michael Waskom mwaskom@stanford....
Tue Jan 10 12:34:55 CST 2012


Hi,

On Tue, Jan 10, 2012 at 2:19 AM, Fernando Perez <fperez.net@gmail.com>wrote:

> Hi,
>
> On Mon, Jan 9, 2012 at 3:57 PM, Michael Waskom <mwaskom@stanford.edu>
> wrote:
> > Thanks for the hypothesis generation. It turns out that indeed we do
> have a
> > firewall on the network side that was blocking access.  To get IT to open
> > some ports for me, I need to answer the following question, which I
> couldn't
> > figure out from the docs (compounded by my limited understanding of,
> well,
> > the internet):  whether the ports use UDP or TCP.
>
> TCP.
>
> Also, I just want to paranoidly confirm that this server will be secure
> "out
> > of the box" provided I followed the directions about setting up a
> password
> > for my notebook and transmitting it via SSL (so that possible intruders
> > don't get shell-like access to my system).
>
> Well, in as much as we haven't found security holes yet under those
> conditions :)
>
> What I mean is: there are no 'guaranteed secure' systems on the
> internet, only systems whose security flaws haven't been found yet.
> For this reason, we more than welcome scrutiny of the code that deals
> with these issues in IPython, and will do our best to rapidly address
> any problems reported to us.
>

Of course.  Not expecting a miracle, just wanted to have the Berkeley
researcher on record in case I inadvertently bring down the Stanford
network and need to redirect the mob :).


> But with these caveats, the answer is: yes, to the best of our
> knowledge, once you put a password and enable SSL, the system is
> secure.  SSL forces all communication between your browser and the
> server to travel encrypted (including the password) and having a
> password means that nobody can get past the front page unless they
> know it.
>
> We also made sure the password storage format is in hashed/salted
> mode, so that even if someone reads your config file (which is stored
> in user-only directories just like SSH keys are), they still don't
> have your password.  There is enough salt to make any brute-force
> attack using precomputed tables with present generation technology
> impractical.
>
> Cheers,
>
> f
>

Thanks for your help! If you don't hear from me again on this topic,
everything went smoothly as soon as IT opened up a port.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.scipy.org/pipermail/ipython-user/attachments/20120110/2e493de3/attachment.html 


More information about the IPython-User mailing list