-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document bookstore threat model, security risks, and mitigations #151
Labels
Comments
willingc
changed the title
Document why the bookstore landing page requires an extra click
Document bookstore threat model, security risks, and mitigations
Jul 30, 2019
Draft OutlineThreat model
Security risks
Mitigations
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to help folks understand why landing on the bookstore cloning page (served as
text/html
), we should outline the threat model, security risks, and mitigations.Summary
Some initial users have complained about having an extra click when cloning. It definitely slows the intended user experience of a smooth way to share notebooks.
We need to mitigate the risk of users loading notebooks that they didn't wish to onto their compute. Since the jupyter notebook server is one big remote code execution platform, the holy grail of security vulnerabilities, we have to be extra vigilant. While there are many other ways to attempt to exploit the overall system, we don't wish for our portion to be a wide attack vector.
Scenario
Malicious notebook is sitting on Bucket
MyBucket
at pathmy/notebook/path.ipynb
User is passed a link looking like:
With our current clone page, the user has to decide if they mean to import this notebook.
The text was updated successfully, but these errors were encountered: