[IPython-dev] ipython html notebook server on dotcloud

Jason Grout jason-sage@creativetrax....
Wed Sep 5 09:26:26 CDT 2012

On 9/5/12 8:09 AM, Shoibal Chakravarty wrote:

> 1. Let anybody login with a login/passwd or the various authentication
> services.
> 2. Give them a secure walled-in temporary directory to work in, with
> restricted shell function access.
> 3. Limit resources they use (memory, CPU load etc) and automatically log
> them out if the violate this.
> 4. Limit sessions to xx minutes.
> 5. Set up a parallel database service for authentication and to let
> users save their notebooks etc. (eg, MongoDB uses json as storage)
> Which of these would be easily feasible? Especially point 2. Sage seems
> to create (and later destroy) a temporary working directory for each
> cell  and severely limits shell access. One directory per login with
> limited outside access might be better.

It's certainly a difficult problem, since you are basically giving them 
shell access.  I think it boils down to having a very restricted user 
account, quotas, and making sure there aren't, for example, 
world-writable files anywhere.  All inside of some sort of VM that is 
easy to reset to a known good state.

You're right about Sage's approach.  There are several efforts to make 
things more secure and scalable now, including the Sage Cell Server 
which relies on the IPython infrastructure.  Let me know if you want 
more details.



More information about the IPython-dev mailing list