search

jupyter-server / enterprise_gateway

A lightweight, multi-tenant, scalable and secure gateway that enables Jupyter Notebooks to share resources across distributed clusters such as Apache Spark, Kubernetes and others.
https://jupyter-enterprise-gateway.readthedocs.io/en/latest/
Other
623 stars 222 forks source link

Encrypt kernel-startup negotiation #262

Closed kevin-bates closed 6 years ago

kevin-bates commented 6 years ago

We currently send the connection info derived by the launcher back to enterprise gateway in clear text. This information should be encrypted.

sanjay-saxena commented 6 years ago

Updated the title and the description of the issue as just encoding the initial handshake conversation between the Kernel Launchers and the Enterprise Gateway wouldn't satisfy the requirements for Enhanced Security.

Based on latest conversation, the initial handshake between the Kernel Launchers(Python, R, and Scala) and the Jupyter Enterprise Gateway would be encrypted using a symmetric-key algorithm such as AES whose implementation is not only readily available in all three languages/platforms but also works across cross-languages/platforms as the encryption and decryption may be happening in different languages/platforms.

lresende commented 6 years ago

This added pycrypto 2.6.1 dependency which is compatible with our license.