##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Merge Security Pull Request: security-doc...
MinRK -
r15998:0d38cf21 merge
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,13 b''
1 ====================
2 The IPython notebook
3 ====================
4
5 .. toctree::
6 :maxdepth: 2
7
8 notebook
9 cm_keyboard
10 nbconvert
11 public_server
12 security
13
Show file before | Show file after | Hide comments
@@ -0,0 +1,52 b''
1 -----BEGIN PGP PUBLIC KEY BLOCK-----
2 Version: GnuPG v2.0.22 (GNU/Linux)
3
4 mQINBFMx2LoBEAC9xU8JiKI1VlCJ4PT9zqhU5nChQZ06/bj1BBftiMJG07fdGVO0
5 ibOn4TrCoRYaeRlet0UpHzxT4zDa5h3/usJaJNTSRwtWePw2o7Lik8J+F3LionRf
6 8Jz81WpJ+81Klg4UWKErXjBHsu/50aoQm6ZNYG4S2nwOmMVEC4nc44IAA0bb+6kW
7 saFKKzEDsASGyuvyutdyUHiCfvvh5GOC2h9mXYvl4FaMW7K+d2UgCYERcXDNy7C1
8 Bw+uepQ9ELKdG4ZpvonO6BNr1BWLln3wk93AQfD5qhfsYRJIyj0hJlaRLtBU3i6c
9 xs+gQNF4mPmybpPSGuOyUr4FYC7NfoG7IUMLj+DYa6d8LcMJO+9px4IbdhQvzGtC
10 qz5av1TX7/+gnS4L8C9i1g8xgI+MtvogngPmPY4repOlK6y3l/WtxUPkGkyYkn3s
11 RzYyE/GJgTwuxFXzMQs91s+/iELFQq/QwmEJf+g/QYfSAuM+lVGajEDNBYVAQkxf
12 gau4s8Gm0GzTZmINilk+7TxpXtKbFc/Yr4A/fMIHmaQ7KmJB84zKwONsQdVv7Jjj
13 0dpwu8EIQdHxX3k7/Q+KKubEivgoSkVwuoQTG15X9xrOsDZNwfOVQh+JKazPvJtd
14 SNfep96r9t/8gnXv9JI95CGCQ8lNhXBUSBM3BDPTbudc4b6lFUyMXN0mKQARAQAB
15 tCxJUHl0aG9uIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QGlweXRob24ub3JnPokC
16 OAQTAQIAIgUCUzHYugIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEwJc
17 LcmZYkjuXg//R/t6nMNQmf9W1h52IVfUbRAVmvZ5d063hQHKV2dssxtnA2dRm/x5
18 JZu8Wz7ZrEZpyqwRJO14sxN1/lC3v+zs9XzYXr2lBTZuKCPIBypYVGIynCuWJBQJ
19 rWnfG4+u1RHahnjqlTWTY1C/le6v7SjAvCb6GbdA6k4ZL2EJjQlRaHDmzw3rV/+l
20 LLx6/tYzIsotuflm/bFumyOMmpQQpJjnCkWIVjnRICZvuAn97jLgtTI0+0Rzf4Zb
21 k2BwmHwDRqWCTTcRI9QvTl8AzjW+dNImN22TpGOBPfYj8BCZ9twrpKUbf+jNqJ1K
22 THQzFtpdJ6SzqiFVm74xW4TKqCLkbCQ/HtVjTGMGGz/y7KTtaLpGutQ6XE8SSy6P
23 EffSb5u+kKlQOWaH7Mc3B0yAojz6T3j5RSI8ts6pFi6pZhDg9hBfPK2dT0v/7Mkv
24 E1Z7q2IdjZnhhtGWjDAMtDDn2NbY2wuGoa5jAWAR0WvIbEZ3kOxuLE5/ZOG1FyYm
25 noJRliBz7038nT92EoD5g1pdzuxgXtGCpYyyjRZwaLmmi4CvA+oThKmnqWNY5lyY
26 ricdNHDiyEXK0YafJL1oZgM86MSb0jKJMp5U11nUkUGzkroFfpGDmzBwAzEPgeiF
27 40+qgsKB9lqwb3G7PxvfSi3XwxfXgpm1cTyEaPSzsVzve3d1xeqb7Yq5Ag0EUzHY
28 ugEQALQ5FtLdNoxTxMsgvrRr1ejLiUeRNUfXtN1TYttOfvAhfBVnszjtkpIW8DCB
29 JF/bA7ETiH8OYYn/Fm6MPI5H64IHEncpzxjf57jgpXd9CA9U2OMk/P1nve5zYchP
30 QmP2fJxeAWr0aRH0Mse5JS5nCkh8Xv4nAjsBYeLTJEVOb1gPQFXOiFcVp3gaKAzX
31 GWOZ/mtG/uaNsabH/3TkcQQEgJefd11DWgMB7575GU+eME7c6hn3FPITA5TC5HUX
32 azvjv/PsWGTTVAJluJ3fUDvhpbGwYOh1uV0rB68lPpqVIro18IIJhNDnccM/xqko
33 4fpJdokdg4L1wih+B04OEXnwgjWG8OIphR/oL/+M37VV2U7Om/GE6LGefaYccC9c
34 tIaacRQJmZpG/8RsimFIY2wJ07z8xYBITmhMmOt0bLBv0mU0ym5KH9Dnru1m9QDO
35 AHwcKrDgL85f9MCn+YYw0d1lYxjOXjf+moaeW3izXCJ5brM+MqVtixY6aos3YO29
36 J7SzQ4aEDv3h/oKdDfZny21jcVPQxGDui8sqaZCi8usCcyqWsKvFHcr6vkwaufcm
37 3Knr2HKVotOUF5CDZybopIz1sJvY/5Dx9yfRmtivJtglrxoDKsLi1rQTlEQcFhCS
38 ACjf7txLtv03vWHxmp4YKQFkkOlbyhIcvfPVLTvqGerdT2FHABEBAAGJAh8EGAEC
39 AAkFAlMx2LoCGwwACgkQEwJcLcmZYkgK0BAAny0YUugpZldiHzYNf8I6p2OpiDWv
40 ZHaguTTPg2LJSKaTd+5UHZwRFIWjcSiFu+qTGLNtZAdcr0D5f991CPvyDSLYgOwb
41 Jm2p3GM2KxfECWzFbB/n/PjbZ5iky3+5sPlOdBR4TkfG4fcu5GwUgCkVe5u3USAk
42 C6W5lpeaspDz39HAPRSIOFEX70+xV+6FZ17B7nixFGN+giTpGYOEdGFxtUNmHmf+
43 waJoPECyImDwJvmlMTeP9jfahlB6Pzaxt6TBZYHetI/JR9FU69EmA+XfCSGt5S+0
44 Eoc330gpsSzo2VlxwRCVNrcuKmG7PsFFANok05ssFq1/Djv5rJ++3lYb88b8HSP2
45 3pQJPrM7cQNU8iPku9yLXkY5qsoZOH+3yAia554Dgc8WBhp6fWh58R0dIONQxbbo
46 apNdwvlI8hKFB7TiUL6PNShE1yL+XD201iNkGAJXbLMIC1ImGLirUfU267A3Cop5
47 hoGs179HGBcyj/sKA3uUIFdNtP+NndaP3v4iYhCitdVCvBJMm6K3tW88qkyRGzOk
48 4PW422oyWKwbAPeMk5PubvEFuFAIoBAFn1zecrcOg85RzRnEeXaiemmmH8GOe1Xu
49 Kh+7h8XXyG6RPFy8tCcLOTk+miTqX+4VWy+kVqoS2cQ5IV8WsJ3S7aeIy0H89Z8n
50 5vmLc+Ibz+eT+rM=
51 =XVDe
52 -----END PGP PUBLIC KEY BLOCK-----
Show file before | Show file after | Hide comments
@@ -0,0 +1,146 b''
1 Security in IPython notebooks
2 =============================
3
4 As IPython notebooks become more popular for sharing and collaboration,
5 the potential for malicious people to attempt to exploit the notebook
6 for their nefarious purposes increases. IPython 2.0 introduces a
7 security model to prevent execution of untrusted code without explicit
8 user input.
9
10 The problem
11 -----------
12
13 The whole point of IPython is arbitrary code execution. We have no
14 desire to limit what can be done with a notebook, which would negatively
15 impact its utility.
16
17 Unlike other programs, an IPython notebook document includes output.
18 Unlike other documents, that output exists in a context that can execute
19 code (via Javascript).
20
21 The security problem we need to solve is that no code should execute
22 just because a user has **opened** a notebook that **they did not
23 write**. Like any other program, once a user decides to execute code in
24 a notebook, it is considered trusted, and should be allowed to do
25 anything.
26
27 Our security model
28 ------------------
29
30 - Untrusted HTML is always sanitized
31 - Untrusted Javascript is never executed
32 - HTML and Javascript in Markdown cells are never trusted
33 - **Outputs** generated by the user are trusted
34 - Any other HTML or Javascript (in Markdown cells, output generated by
35 others) is never trusted
36 - The central question of trust is "Did the current user do this?"
37
38 The details of trust
39 --------------------
40
41 IPython notebooks store a signature in metadata, which is used to answer
42 the question "Did the current user do this?"
43
44 This signature is a digest of the notebooks contents plus a secret key,
45 known only to the user. The secret key is a user-only readable file in
46 the IPython profile's security directory. By default, this is::
47
48 ~/.ipython/profile_default/security/notebook_secret
49
50 When a notebook is opened by a user, the server computes a signature
51 with the user's key, and compares it with the signature stored in the
52 notebook's metadata. If the signature matches, HTML and Javascript
53 output in the notebook will be trusted at load, otherwise it will be
54 untrusted.
55
56 Any output generated during an interactive session is trusted.
57
58 Updating trust
59 **************
60
61 A notebook's trust is updated when the notebook is saved. If there are
62 any untrusted outputs still in the notebook, the notebook will not be
63 trusted, and no signature will be stored. If all untrusted outputs have
64 been removed (either via ``Clear Output`` or re-execution), then the
65 notebook will become trusted.
66
67 While trust is updated per output, this is only for the duration of a
68 single session. A notebook file on disk is either trusted or not in its
69 entirety.
70
71 Explicit trust
72 **************
73
74 Sometimes re-executing a notebook to generate trusted output is not an
75 option, either because dependencies are unavailable, or it would take a
76 long time. Users can explicitly trust a notebook in two ways:
77
78 - At the command-line, with::
79
80 ipython trust /path/to/notebook.ipynb
81
82 - After loading the untrusted notebook, with ``File / Trust Notebook``
83
84 These two methods simply load the notebook, compute a new signature with
85 the user's key, and then store the newly signed notebook.
86
87 Reporting security issues
88 -------------------------
89
90 If you find a security vulnerability in IPython, either a failure of the
91 code to properly implement the model described here, or a failure of the
92 model itself, please report it to security@ipython.org.
93
94 If you prefer to encrypt your security reports,
95 you can use :download:`this PGP public key <ipython_security.asc>`.
96
97 Affected use cases
98 ------------------
99
100 Some use cases that work in IPython 1.0 will become less convenient in
101 2.0 as a result of the security changes. We do our best to minimize
102 these annoyance, but security is always at odds with convenience.
103
104 Javascript and CSS in Markdown cells
105 ************************************
106
107 While never officially supported, it had become common practice to put
108 hidden Javascript or CSS styling in Markdown cells, so that they would
109 not be visible on the page. Since Markdown cells are now sanitized (by
110 `Google Caja <https://developers.google.com/caja>`__), all Javascript
111 (including click event handlers, etc.) and CSS will be stripped.
112
113 We plan to provide a mechanism for notebook themes, but in the meantime
114 styling the notebook can only be done via either ``custom.css`` or CSS
115 in HTML output. The latter only have an effect if the notebook is
116 trusted, because otherwise the output will be sanitized just like
117 Markdown.
118
119 Collaboration
120 *************
121
122 When collaborating on a notebook, people probably want to see the
123 outputs produced by their colleagues' most recent executions. Since each
124 collaborator's key will differ, this will result in each share starting
125 in an untrusted state. There are three basic approaches to this:
126
127 - re-run notebooks when you get them (not always viable)
128 - explicitly trust notebooks via ``ipython trust`` or the notebook menu
129 (annoying, but easy)
130 - share a notebook secret, and use an IPython profile dedicated to the
131 collaboration while working on the project.
132
133 Multiple profiles or machines
134 *****************************
135
136 Since the notebook secret is stored in a profile directory by default,
137 opening a notebook with a different profile or on a different machine
138 will result in a different key, and thus be untrusted. The only current
139 way to address this is by sharing the notebook secret. This can be
140 facilitated by setting the configurable:
141
142 .. sourcecode:: python
143
144 c.NotebookApp.secret_file = "/path/to/notebook_secret"
145
146 in each profile, and only sharing the secret once per machine.
Show file before | Show file after | Hide comments
@@ -1,9 +1,9 b''
1 1 <html>
2 2 <head>
3 <meta http-equiv="Refresh" content="0; url=notebook.html" />
4 <title>Notebook page has move</title>
5 </head>
3 <meta http-equiv="Refresh" content="0; url=../notebook/index.html" />
4 <title>Notebook docs have moved</title>
5 </head>
6 6 <body>
7 <p>The notebook page has moved to <a href="notebook.html">this link</a>.</p>
7 <p>The notebook docs have moved <a href="../notebook/index.html">here</a>.</p>
8 8 </body>
9 9 </html>
Show file before | Show file after | Hide comments
@@ -1,246 +1,249 b''
1 1 # -*- coding: utf-8 -*-
2 2 #
3 3 # IPython documentation build configuration file.
4 4
5 5 # NOTE: This file has been edited manually from the auto-generated one from
6 6 # sphinx. Do NOT delete and re-generate. If any changes from sphinx are
7 7 # needed, generate a scratch one and merge by hand any new fields needed.
8 8
9 9 #
10 10 # This file is execfile()d with the current directory set to its containing dir.
11 11 #
12 12 # The contents of this file are pickled, so don't put values in the namespace
13 13 # that aren't pickleable (module imports are okay, they're removed automatically).
14 14 #
15 15 # All configuration values have a default value; values that are commented out
16 16 # serve to show the default value.
17 17
18 18 import sys, os
19 19
20 20 ON_RTD = os.environ.get('READTHEDOCS', None) == 'True'
21 21
22 22 if ON_RTD:
23 23 # Mock the presence of matplotlib, which we don't have on RTD
24 24 # see
25 25 # http://read-the-docs.readthedocs.org/en/latest/faq.html
26 26 tags.add('rtd')
27 27
28 28 # If your extensions are in another directory, add it here. If the directory
29 29 # is relative to the documentation root, use os.path.abspath to make it
30 30 # absolute, like shown here.
31 31 sys.path.insert(0, os.path.abspath('../sphinxext'))
32 32
33 33 # We load the ipython release info into a dict by explicit execution
34 34 iprelease = {}
35 35 execfile('../../IPython/core/release.py',iprelease)
36 36
37 37 # General configuration
38 38 # ---------------------
39 39
40 40 # Add any Sphinx extension module names here, as strings. They can be extensions
41 41 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
42 42 extensions = [
43 43 'matplotlib.sphinxext.mathmpl',
44 44 'matplotlib.sphinxext.only_directives',
45 45 'matplotlib.sphinxext.plot_directive',
46 46 'sphinx.ext.autodoc',
47 47 'sphinx.ext.autosummary',
48 48 'sphinx.ext.doctest',
49 49 'sphinx.ext.inheritance_diagram',
50 50 'sphinx.ext.intersphinx',
51 51 'IPython.sphinxext.ipython_console_highlighting',
52 52 'IPython.sphinxext.ipython_directive',
53 53 'numpydoc', # to preprocess docstrings
54 54 'github', # for easy GitHub links
55 55 ]
56 56
57 57 if ON_RTD:
58 58 # Remove extensions not currently supported on RTD
59 59 extensions.remove('matplotlib.sphinxext.only_directives')
60 60 extensions.remove('matplotlib.sphinxext.mathmpl')
61 61 extensions.remove('matplotlib.sphinxext.plot_directive')
62 62 extensions.remove('IPython.sphinxext.ipython_directive')
63 63 extensions.remove('IPython.sphinxext.ipython_console_highlighting')
64 64
65 65 # Add any paths that contain templates here, relative to this directory.
66 66 templates_path = ['_templates']
67 67
68 68 # The suffix of source filenames.
69 69 source_suffix = '.rst'
70 70
71 71 if iprelease['_version_extra']:
72 72 rst_prolog = """
73 73 .. note::
74 74
75 75 This documentation is for a development version of IPython. There may be
76 76 significant differences from the latest stable release (1.2.1).
77 77
78 78 """
79 79
80 80 # The master toctree document.
81 81 master_doc = 'index'
82 82
83 83 # General substitutions.
84 84 project = 'IPython'
85 85 copyright = '2008, The IPython Development Team'
86 86
87 87 # ghissue config
88 88 github_project_url = "https://github.com/ipython/ipython"
89 89
90 90 # numpydoc config
91 91 numpydoc_show_class_members = False # Otherwise Sphinx emits thousands of warnings
92 92 numpydoc_class_members_toctree = False
93 93
94 94 # The default replacements for |version| and |release|, also used in various
95 95 # other places throughout the built documents.
96 96 #
97 97 # The full version, including alpha/beta/rc tags.
98 98 codename = iprelease['codename']
99 99 release = "%s: %s" % (iprelease['version'], codename)
100 100 # Just the X.Y.Z part, no '-dev'
101 101 version = iprelease['version'].split('-', 1)[0]
102 102
103 103
104 104 # There are two options for replacing |today|: either, you set today to some
105 105 # non-false value, then it is used:
106 106 #today = ''
107 107 # Else, today_fmt is used as the format for a strftime call.
108 108 today_fmt = '%B %d, %Y'
109 109
110 110 # List of documents that shouldn't be included in the build.
111 111 #unused_docs = []
112 112
113 113 # List of directories, relative to source directories, that shouldn't be searched
114 114 # for source files.
115 115 exclude_dirs = ['attic']
116 116
117 117 # If true, '()' will be appended to :func: etc. cross-reference text.
118 118 #add_function_parentheses = True
119 119
120 120 # If true, the current module name will be prepended to all description
121 121 # unit titles (such as .. function::).
122 122 #add_module_names = True
123 123
124 124 # If true, sectionauthor and moduleauthor directives will be shown in the
125 125 # output. They are ignored by default.
126 126 #show_authors = False
127 127
128 128 # The name of the Pygments (syntax highlighting) style to use.
129 129 pygments_style = 'sphinx'
130 130
131 131
132 132 # Options for HTML output
133 133 # -----------------------
134 134
135 135 # The style sheet to use for HTML and HTML Help pages. A file of that name
136 136 # must exist either in Sphinx' static/ path, or in one of the custom paths
137 137 # given in html_static_path.
138 138 html_style = 'default.css'
139 139
140 140 # The name for this set of Sphinx documents. If None, it defaults to
141 141 # "<project> v<release> documentation".
142 142 #html_title = None
143 143
144 144 # The name of an image file (within the static path) to place at the top of
145 145 # the sidebar.
146 146 #html_logo = None
147 147
148 148 # Add any paths that contain custom static files (such as style sheets) here,
149 149 # relative to this directory. They are copied after the builtin static files,
150 150 # so a file named "default.css" will overwrite the builtin "default.css".
151 151 html_static_path = ['_static']
152 152
153 153 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
154 154 # using the given strftime format.
155 155 html_last_updated_fmt = '%b %d, %Y'
156 156
157 157 # If true, SmartyPants will be used to convert quotes and dashes to
158 158 # typographically correct entities.
159 159 #html_use_smartypants = True
160 160
161 161 # Custom sidebar templates, maps document names to template names.
162 162 #html_sidebars = {}
163 163
164 164 # Additional templates that should be rendered to pages, maps page names to
165 165 # template names.
166 166 html_additional_pages = {
167 'interactive/htmlnotebook': 'htmlnotebook.html',
167 'interactive/htmlnotebook': 'notebook_redirect.html',
168 'interactive/notebook': 'notebook_redirect.html',
169 'interactive/nbconvert': 'notebook_redirect.html',
170 'interactive/public_server': 'notebook_redirect.html',
168 171 }
169 172
170 173 # If false, no module index is generated.
171 174 #html_use_modindex = True
172 175
173 176 # If true, the reST sources are included in the HTML build as _sources/<name>.
174 177 #html_copy_source = True
175 178
176 179 # If true, an OpenSearch description file will be output, and all pages will
177 180 # contain a <link> tag referring to it. The value of this option must be the
178 181 # base URL from which the finished HTML is served.
179 182 #html_use_opensearch = ''
180 183
181 184 # If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml").
182 185 #html_file_suffix = ''
183 186
184 187 # Output file base name for HTML help builder.
185 188 htmlhelp_basename = 'ipythondoc'
186 189
187 190 intersphinx_mapping = {'python': ('http://docs.python.org/2/', None)}
188 191
189 192 # Options for LaTeX output
190 193 # ------------------------
191 194
192 195 # The paper size ('letter' or 'a4').
193 196 latex_paper_size = 'letter'
194 197
195 198 # The font size ('10pt', '11pt' or '12pt').
196 199 latex_font_size = '11pt'
197 200
198 201 # Grouping the document tree into LaTeX files. List of tuples
199 202 # (source start file, target name, title, author, document class [howto/manual]).
200 203
201 204 latex_documents = [
202 205 ('index', 'ipython.tex', 'IPython Documentation',
203 206 ur"""The IPython Development Team""", 'manual', True),
204 207 ('parallel/winhpc_index', 'winhpc_whitepaper.tex',
205 208 'Using IPython on Windows HPC Server 2008',
206 209 ur"Brian E. Granger", 'manual', True)
207 210 ]
208 211
209 212 # The name of an image file (relative to this directory) to place at the top of
210 213 # the title page.
211 214 #latex_logo = None
212 215
213 216 # For "manual" documents, if this is true, then toplevel headings are parts,
214 217 # not chapters.
215 218 #latex_use_parts = False
216 219
217 220 # Additional stuff for the LaTeX preamble.
218 221 #latex_preamble = ''
219 222
220 223 # Documents to append as an appendix to all manuals.
221 224 #latex_appendices = []
222 225
223 226 # If false, no module index is generated.
224 227 latex_use_modindex = True
225 228
226 229
227 230 # Options for texinfo output
228 231 # --------------------------
229 232
230 233 texinfo_documents = [
231 234 (master_doc, 'ipython', 'IPython Documentation',
232 235 'The IPython Development Team',
233 236 'IPython',
234 237 'IPython Documentation',
235 238 'Programming',
236 239 1),
237 240 ]
238 241
239 242 modindex_common_prefix = ['IPython.']
240 243
241 244
242 245 # Cleanup
243 246 # -------
244 247 # delete release info to avoid pickling errors from sphinx
245 248
246 249 del iprelease
Show file before | Show file after | Hide comments
@@ -1,38 +1,39 b''
1 1 =====================
2 2 IPython Documentation
3 3 =====================
4 4
5 5 .. htmlonly::
6 6
7 7 :Release: |release|
8 8 :Date: |today|
9 9
10 10 .. only:: not rtd
11 11
12 12 Welcome to the official IPython documentation.
13 13
14 14 .. only:: rtd
15 15
16 16 This is a partial copy of IPython documentation, please visit `IPython official documentation <http://ipython.org/documentation.html>`_.
17 17
18 18 Contents
19 19 ========
20 20
21 21 .. toctree::
22 22 :maxdepth: 1
23 23
24 24 overview
25 25 whatsnew/index
26 26 install/index
27 27 interactive/index
28 notebook/index
28 29 parallel/index
29 30 config/index
30 31 development/index
31 32 api/index
32 33 about/index
33 34
34 35 .. htmlonly::
35 36 * :ref:`genindex`
36 37 * :ref:`modindex`
37 38 * :ref:`search`
38 39
Show file before | Show file after | Hide comments
@@ -1,18 +1,16 b''
1 1 ==================================
2 2 Using IPython for interactive work
3 3 ==================================
4 4
5 5 .. toctree::
6 6 :maxdepth: 2
7 7
8 8 tutorial
9 9 tips
10 10 reference
11 11 shell
12 12 qtconsole
13 notebook
14 cm_keyboard
15 nbconvert
16 public_server
17 13
14 .. seealso::
18 15
16 :doc:`/notebook/index`
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from docs/source/interactive/cm_keyboard.rst to docs/source/notebook/cm_keyboard.rst
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from docs/source/interactive/nbconvert.rst to docs/source/notebook/nbconvert.rst
Show file before | Show file after | Hide comments
1 NO CONTENT: file renamed from docs/source/interactive/notebook.rst to docs/source/notebook/notebook.rst
Show file before | Show file after | Hide comments
@@ -1,159 +1,159 b''
1 1 .. _working_remotely:
2 2
3 3 Running a notebook server
4 4 =========================
5 5
6 6
7 7 The :ref:`IPython notebook <htmlnotebook>` web-application is based on a
8 8 server-client structure. This server uses a :ref:`two-process kernel
9 9 architecture <ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving
10 10 HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/
11 11 and is accessible only from `localhost`. This document describes how you can
12 12 :ref:`secure a notebook server <notebook_security>` and how to :ref:`run it on
13 13 a public interface <notebook_public_server>`.
14 14
15 15 .. _ZeroMQ: http://zeromq.org
16 16
17 17 .. _Tornado: http://www.tornadoweb.org
18 18
19 19
20 20 .. _notebook_security:
21 21
22 Notebook security
23 -----------------
22 Securing a notebook server
23 --------------------------
24 24
25 25 You can protect your notebook server with a simple single password by
26 26 setting the :attr:`NotebookApp.password` configurable. You can prepare a
27 27 hashed password using the function :func:`IPython.lib.security.passwd`:
28 28
29 29 .. sourcecode:: ipython
30 30
31 31 In [1]: from IPython.lib import passwd
32 32 In [2]: passwd()
33 33 Enter password:
34 34 Verify password:
35 35 Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
36 36
37 37 .. note::
38 38
39 39 :func:`~IPython.lib.security.passwd` can also take the password as a string
40 40 argument. **Do not** pass it as an argument inside an IPython session, as it
41 41 will be saved in your input history.
42 42
43 43 You can then add this to your :file:`ipython_notebook_config.py`, e.g.::
44 44
45 45 # Password to use for web authentication
46 46 c = get_config()
47 47 c.NotebookApp.password =
48 48 u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
49 49
50 50 When using a password, it is a good idea to also use SSL, so that your
51 51 password is not sent unencrypted by your browser. You can start the notebook
52 52 to communicate via a secure protocol mode using a self-signed certificate with
53 53 the command::
54 54
55 55 $ ipython notebook --certfile=mycert.pem
56 56
57 57 .. note::
58 58
59 59 A self-signed certificate can be generated with ``openssl``. For example,
60 60 the following command will create a certificate valid for 365 days with
61 61 both the key and certificate data written to the same file::
62 62
63 63 $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
64 64
65 65 Your browser will warn you of a dangerous certificate because it is
66 66 self-signed. If you want to have a fully compliant certificate that will not
67 67 raise warnings, it is possible (but rather involved) to obtain one,
68 68 as explained in detail in `this tutorial`__.
69 69
70 70 .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars
71 71
72 72 Keep in mind that when you enable SSL support, you will need to access the
73 73 notebook server over ``https://``, not over plain ``http://``. The startup
74 74 message from the server prints this, but it is easy to overlook and think the
75 75 server is for some reason non-responsive.
76 76
77 77
78 78 .. _notebook_public_server:
79 79
80 80 Running a public notebook server
81 81 --------------------------------
82 82
83 83 If you want to access your notebook server remotely via a web browser,
84 84 you can do the following.
85 85
86 86 Start by creating a certificate file and a hashed password, as explained
87 87 above. Then create a custom profile for the notebook, with the following
88 88 command line, type::
89 89
90 90 $ ipython profile create nbserver
91 91
92 92 In the profile directory just created, edit the file
93 93 ``ipython_notebook_config.py``. By default, the file has all fields
94 94 commented; the minimum set you need to uncomment and edit is the following::
95 95
96 96 c = get_config()
97 97
98 98 # Kernel config
99 99 c.IPKernelApp.pylab = 'inline' # if you want plotting support always
100 100
101 101 # Notebook config
102 102 c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem'
103 103 c.NotebookApp.ip = '*'
104 104 c.NotebookApp.open_browser = False
105 105 c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]'
106 106 # It is a good idea to put it on a known, fixed port
107 107 c.NotebookApp.port = 9999
108 108
109 109 You can then start the notebook and access it later by pointing your browser
110 110 to ``https://your.host.com:9999`` with ``ipython notebook
111 111 --profile=nbserver``.
112 112
113 113 Running with a different URL prefix
114 114 -----------------------------------
115 115
116 116 The notebook dashboard (the landing page with an overview
117 117 of the notebooks in your working directory) typically lives at the URL
118 118 ``http://localhost:8888/``. If you prefer that it lives, together with the
119 119 rest of the notebook, under a sub-directory,
120 120 e.g. ``http://localhost:8888/ipython/``, you can do so with
121 121 configuration options like the following (see above for instructions about
122 122 modifying ``ipython_notebook_config.py``)::
123 123
124 124 c.NotebookApp.base_url = '/ipython/'
125 125 c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'}
126 126
127 127 Using a different notebook store
128 128 --------------------------------
129 129
130 130 By default, the notebook server stores the notebook documents that it saves as
131 131 files in the working directory of the notebook server, also known as the
132 132 ``notebook_dir``. This logic is implemented in the
133 133 :class:`FileNotebookManager` class. However, the server can be configured to
134 134 use a different notebook manager class, which can
135 135 store the notebooks in a different format.
136 136
137 137 The bookstore_ package currently allows users to store notebooks on Rackspace
138 138 CloudFiles or OpenStack Swift based object stores.
139 139
140 140 Writing a notebook manager is as simple as extending the base class
141 141 :class:`NotebookManager`. The simple_notebook_manager_ provides a great example
142 142 of an in memory notebook manager, created solely for the purpose of
143 143 illustrating the notebook manager API.
144 144
145 145 .. _bookstore: https://github.com/rgbkrk/bookstore
146 146
147 147 .. _simple_notebook_manager: https://github.com/khinsen/simple_notebook_manager
148 148
149 149 Known issues
150 150 ------------
151 151
152 152 When behind a proxy, especially if your system or browser is set to autodetect
153 153 the proxy, the notebook web application might fail to connect to the server's
154 154 websockets, and present you with a warning at startup. In this case, you need
155 155 to configure your system not to use the proxy for the server's address.
156 156
157 157 For example, in Firefox, go to the Preferences panel, Advanced section,
158 158 Network tab, click 'Settings...', and add the address of the notebook server
159 159 to the 'No proxy for' field.
General Comments 0
You need to be logged in to leave comments. Login now