README: warn about unlimited local network access by manics · Pull Request #359 · jupyter/jupyter-server-proxy
We can merge this, but I think the warning clarification was tricky for me to grasp properly - this part:
It has access to all local network services that the user has access to.
The description below was clear enough for me to feel that I understood it properly though.
Multiuser Considerations
This extension launches an rstudio server process from the jupyter notebook server. This is fine in JupyterHub deployments where user servers are containerized since other users cannot connect to the rstudio server port. In non-containerized JupyterHub deployments, for example on multiuser systems running LocalSpawner or BatchSpawner, this is not secure. Any user may connect to rstudio server and run arbitrary code.
In my own words, what would I say? Hmmm...
If jupyter-server-proxy is configured to start some application for a user and expose it on some port, it's exposed for whoever can access that port - which typically are all users with network access to the computer or container. Or hmmm?
Hmmm, no I don't think I understand this well enough atm to describe the warning myself. Could you elaborate or make the warning more verbose @manics?