jupyterhub / jupyter-rsession-proxy

Jupyter extensions for running an RStudio rsession proxy
BSD 3-Clause "New" or "Revised" License

Are sessions secure? #1

Closed ryanlovett closed 5 years ago

yuvipanda commented 6 years ago

Assuming this is talking about securing access to RStudio, I'm guessing it is secured with @web.authenticated now. However, if you are using this in a non-containerized environment, then other users on the machine can access your RStudio easily...

yuvipanda commented 6 years ago

Let's add documentation on this. TLDR is:

  1. Anyone who can reach the RStudio port can access RStudio
  2. This means it is secure when running inside containers / other spawners that prevent access to localhost from other users. It's insecure otherwise.
  3. Recommend people only run this with KubeSpawner & DockerSpawner.

ryanlovett commented 5 years ago

Documented by https://github.com/jupyterhub/nbrsessionproxy/commit/482fadc84b477e7b0c5fc50295308c202e4331c7#diff-04c6e90faac2675aa89e2176d2eec7d8.
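
The TLDR in this thread says that anyone who can reach the RStudio port can access RStudio. As an added example (not part of the thread or of the project's code), the following audit parses `/proc/net/tcp`-format text and reports who can reach each listening socket owned by a given user. The sample table, the UID and port values, and the `private_netns` parameter are constructed for illustration, and the hex decoding assumes a little-endian Linux host.

```python
import ipaddress
import struct

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# uid 1000 owns two loopback listeners; uid 0 owns one on 0.0.0.0:22.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:22B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001 1 0 100 0 0 10 0
   1: 0100007F:A3C1 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003 1 0 100 0 0 10 0
   3: 0100007F:A3C1 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000  1000        0 40004 1 0 100 0 0 10 0
"""


def parse_listeners(text):
    """Yield (ip, port, uid) for every IPv4 socket in LISTEN state."""
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or int(f[3], 16) != TCP_LISTEN:
            continue                            # established etc. are ignored
        hex_ip, hex_port = f[1].split(":")
        # The kernel prints the address as a native-endian u32 in hex.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16), int(f[7])


def exposure(ip, private_netns):
    """Loopback is scoped to a network namespace, never to a single user."""
    if not ip.is_loopback:
        return "network"                        # reachable from other hosts
    # Assumption: private_netns=True means the process has its own network
    # namespace (e.g. a container) that no other user's processes share.
    return "container only" if private_netns else "all local users"


def audit(text, uid, private_netns):
    """Return (port, exposure) for each listener owned by uid."""
    return [(port, exposure(ip, private_netns))
            for ip, port, owner in parse_listeners(text) if owner == uid]


if __name__ == "__main__":
    for port, who in audit(SAMPLE, uid=1000, private_netns=False):
        print(f"port {port}: reachable by {who}")
```

On a real host, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.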