Hi,<br><br><div class="gmail_quote">On Tue, Jan 10, 2012 at 2:19 AM, Fernando Perez <span dir="ltr">&lt;<a href="mailto:fperez.net@gmail.com">fperez.net@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<div class="im"><br>
On Mon, Jan 9, 2012 at 3:57 PM, Michael Waskom &lt;<a href="mailto:mwaskom@stanford.edu">mwaskom@stanford.edu</a>&gt; wrote:<br>
> Thanks for the hypothesis generation. It turns out that indeed we do have a<br>
> firewall on the network side that was blocking access. To get IT to open<br>
> some ports for me, I need to answer the following question, which I couldn't<br>
> figure out from the docs (compounded by my limited understanding of, well,<br>
> the internet): whether the ports use UDP or TCP.<br>
<br>
TCP.</div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
> Also, I just want to paranoidly confirm that this server will be secure "out<br>
> of the box" provided I followed the directions about setting up a password<br>
> for my notebook and transmitting it via SSL (so that possible intruders<br>
> don't get shell-like access to my system).<br>
<br>
</div>Well, in as much as we haven't found security holes yet under those<br>
conditions :)<br>
<br>
What I mean is: there are no 'guaranteed secure' systems on the<br>
internet, only systems whose security flaws haven't been found yet.<br>
For this reason, we more than welcome scrutiny of the code that deals<br>
with these issues in IPython, and will do our best to rapidly address<br>
any problems reported to us.<br></blockquote><div><br></div><div>Of course. Not expecting a miracle, just wanted to have the Berkeley researcher on record in case I inadvertently bring down the Stanford network and need to redirect the mob :).</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
But with these caveats, the answer is: yes, to the best of our<br>
knowledge, once you put a password and enable SSL, the system is<br>
secure. SSL forces all communication between your browser and the<br>
server to travel encrypted (including the password) and having a<br>
password means that nobody can get past the front page unless they<br>
know it.<br>
<br>
We also made sure the password storage format is in hashed/salted<br>
mode, so that even if someone reads your config file (which is stored<br>
in user-only directories just like SSH keys are), they still don't<br>
have your password. There is enough salt to make any brute-force<br>
attack using precomputed tables with present generation technology<br>
impractical.<br>
<br>
Cheers,<br>
<br>
f<br>
</blockquote></div><br><div>Thanks for your help! If you don't hear from me again on this topic, everything went smoothly as soon as IT opened up a port.</div>
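<div>Added example, not part of the original thread and not IPython's own code: a Python sketch of the hashed/salted password storage described in the quoted reply, showing that two stored hashes of the same password differ and that a table of precomputed unsalted digests no longer matches. The <code>algorithm:salt:digest</code> format, the PBKDF2 parameters and all function names are assumptions made for illustration.</div>

```python
import hashlib
import hmac
import secrets

# Assumed storage format for this example: "algorithm:salt_hex:digest_hex".
ALGORITHM = "sha256"
SALT_BYTES = 16        # fresh random salt per stored password
ITERATIONS = 200_000   # PBKDF2 work factor (assumed value)


def hash_password(password, salt=None):
    """Return a salted, stretched hash suitable for a config file."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return ":".join((ALGORITHM, salt.hex(), digest.hex()))


def verify_password(stored, candidate):
    """Recompute with the stored salt and compare in constant time."""
    try:
        algorithm, salt_hex, digest_hex = stored.split(":")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed entry: reject instead of raising
    if algorithm != ALGORITHM:
        return False
    actual = hashlib.pbkdf2_hmac(ALGORITHM, candidate.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(actual, expected)


def unsalted_digest(password):
    """The weak alternative: a bare hash, identical for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample data: a tiny stand-in for a precomputed digest table.
PRECOMPUTED = {unsalted_digest(p): p for p in ("letmein", "password", "notebook")}


def found_in_table(stored):
    """True if the digest part of a stored value appears in the table."""
    return stored.rsplit(":", 1)[-1] in PRECOMPUTED


if __name__ == "__main__":
    a, b = hash_password("letmein"), hash_password("letmein")
    print(a != b, verify_password(a, "letmein"), verify_password(a, "guess"))
    print(found_in_table(unsalted_digest("letmein")), found_in_table(a))
```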