In order to help folks understand why landing on the bookstore cloning page (served as text/html), we should outline the threat model, security risks, and mitigations.
Summary
Some initial users have complained about having an extra click when cloning. It definitely slows the intended user experience of a smooth way to share notebooks.
We need to mitigate the risk of users loading notebooks that they didn't wish to onto their compute. Since the jupyter notebook server is one big remote code execution platform, the holy grail of security vulnerabilities, we have to be extra vigilant. While there are many other ways to attempt to exploit the overall system, we don't wish for our portion to be a wide attack vector.
Scenario
Malicious notebook is sitting on Bucket MyBucket at path my/notebook/path.ipynb
In order to help folks understand why landing on the bookstore cloning page (served as
text/html
), we should outline the threat model, security risks, and mitigations.Summary
Some initial users have complained about having an extra click when cloning. It definitely slows the intended user experience of a smooth way to share notebooks.
We need to mitigate the risk of users loading notebooks that they didn't wish to onto their compute. Since the jupyter notebook server is one big remote code execution platform, the holy grail of security vulnerabilities, we have to be extra vigilant. While there are many other ways to attempt to exploit the overall system, we don't wish for our portion to be a wide attack vector.
Scenario
Malicious notebook is sitting on Bucket
MyBucket
at pathmy/notebook/path.ipynb
User is passed a link looking like:
With our current clone page, the user has to decide if they mean to import this notebook.