Skip to content

Commit ade470c

Browse files
consideRatioconsideRatio
authored
Merge pull request #359 from manics/readme-warn-net
README: warn about unlimited local network access
2 parents 72e7dcb + ac76d02 commit ade470c

File tree

1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,24 @@ The primary use cases are:
3232
[The documentation](https://jupyter-server-proxy.readthedocs.io/)
3333
contains information on installation & usage.
3434

35+
## Security warning
36+
37+
Jupyter Server Proxy is often used to start a user defined process listening to
38+
some network port (e.g. http://localhost:4567) for a user starting a Jupyter Server
39+
that only that user has permission to access. The user can then access the
40+
started process proxied through the Jupyter Server.
41+
42+
For safe use of Jupyter Server Proxy, you should ensure that the process started
43+
by Jupyter Server proxy can't be accessed directly by another user and bypass
44+
the Jupyter Server's authorization!
45+
46+
A common strategy to enforce access proxied via Jupyter Server is to start
47+
Jupyter Server within a container and only allow network access to the Jupyter
48+
Server via the container.
49+
50+
For more insights, see [Ryan Lovetts comment about
51+
it](https://github.com/jupyterhub/jupyter-server-proxy/pull/359#issuecomment-1350118197).
52+
3553
## Install
3654

3755
### Requirements

0 commit comments

Comments
 (0)