Show More
@@ -0,0 +1,13 b'' | |||
|
1 | ==================== | |
|
2 | The IPython notebook | |
|
3 | ==================== | |
|
4 | ||
|
5 | .. toctree:: | |
|
6 | :maxdepth: 2 | |
|
7 | ||
|
8 | notebook | |
|
9 | cm_keyboard | |
|
10 | nbconvert | |
|
11 | public_server | |
|
12 | security | |
|
13 |
@@ -0,0 +1,52 b'' | |||
|
1 | -----BEGIN PGP PUBLIC KEY BLOCK----- | |
|
2 | Version: GnuPG v2.0.22 (GNU/Linux) | |
|
3 | ||
|
4 | mQINBFMx2LoBEAC9xU8JiKI1VlCJ4PT9zqhU5nChQZ06/bj1BBftiMJG07fdGVO0 | |
|
5 | ibOn4TrCoRYaeRlet0UpHzxT4zDa5h3/usJaJNTSRwtWePw2o7Lik8J+F3LionRf | |
|
6 | 8Jz81WpJ+81Klg4UWKErXjBHsu/50aoQm6ZNYG4S2nwOmMVEC4nc44IAA0bb+6kW | |
|
7 | saFKKzEDsASGyuvyutdyUHiCfvvh5GOC2h9mXYvl4FaMW7K+d2UgCYERcXDNy7C1 | |
|
8 | Bw+uepQ9ELKdG4ZpvonO6BNr1BWLln3wk93AQfD5qhfsYRJIyj0hJlaRLtBU3i6c | |
|
9 | xs+gQNF4mPmybpPSGuOyUr4FYC7NfoG7IUMLj+DYa6d8LcMJO+9px4IbdhQvzGtC | |
|
10 | qz5av1TX7/+gnS4L8C9i1g8xgI+MtvogngPmPY4repOlK6y3l/WtxUPkGkyYkn3s | |
|
11 | RzYyE/GJgTwuxFXzMQs91s+/iELFQq/QwmEJf+g/QYfSAuM+lVGajEDNBYVAQkxf | |
|
12 | gau4s8Gm0GzTZmINilk+7TxpXtKbFc/Yr4A/fMIHmaQ7KmJB84zKwONsQdVv7Jjj | |
|
13 | 0dpwu8EIQdHxX3k7/Q+KKubEivgoSkVwuoQTG15X9xrOsDZNwfOVQh+JKazPvJtd | |
|
14 | SNfep96r9t/8gnXv9JI95CGCQ8lNhXBUSBM3BDPTbudc4b6lFUyMXN0mKQARAQAB | |
|
15 | tCxJUHl0aG9uIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QGlweXRob24ub3JnPokC | |
|
16 | OAQTAQIAIgUCUzHYugIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEwJc | |
|
17 | LcmZYkjuXg//R/t6nMNQmf9W1h52IVfUbRAVmvZ5d063hQHKV2dssxtnA2dRm/x5 | |
|
18 | JZu8Wz7ZrEZpyqwRJO14sxN1/lC3v+zs9XzYXr2lBTZuKCPIBypYVGIynCuWJBQJ | |
|
19 | rWnfG4+u1RHahnjqlTWTY1C/le6v7SjAvCb6GbdA6k4ZL2EJjQlRaHDmzw3rV/+l | |
|
20 | LLx6/tYzIsotuflm/bFumyOMmpQQpJjnCkWIVjnRICZvuAn97jLgtTI0+0Rzf4Zb | |
|
21 | k2BwmHwDRqWCTTcRI9QvTl8AzjW+dNImN22TpGOBPfYj8BCZ9twrpKUbf+jNqJ1K | |
|
22 | THQzFtpdJ6SzqiFVm74xW4TKqCLkbCQ/HtVjTGMGGz/y7KTtaLpGutQ6XE8SSy6P | |
|
23 | EffSb5u+kKlQOWaH7Mc3B0yAojz6T3j5RSI8ts6pFi6pZhDg9hBfPK2dT0v/7Mkv | |
|
24 | E1Z7q2IdjZnhhtGWjDAMtDDn2NbY2wuGoa5jAWAR0WvIbEZ3kOxuLE5/ZOG1FyYm | |
|
25 | noJRliBz7038nT92EoD5g1pdzuxgXtGCpYyyjRZwaLmmi4CvA+oThKmnqWNY5lyY | |
|
26 | ricdNHDiyEXK0YafJL1oZgM86MSb0jKJMp5U11nUkUGzkroFfpGDmzBwAzEPgeiF | |
|
27 | 40+qgsKB9lqwb3G7PxvfSi3XwxfXgpm1cTyEaPSzsVzve3d1xeqb7Yq5Ag0EUzHY | |
|
28 | ugEQALQ5FtLdNoxTxMsgvrRr1ejLiUeRNUfXtN1TYttOfvAhfBVnszjtkpIW8DCB | |
|
29 | JF/bA7ETiH8OYYn/Fm6MPI5H64IHEncpzxjf57jgpXd9CA9U2OMk/P1nve5zYchP | |
|
30 | QmP2fJxeAWr0aRH0Mse5JS5nCkh8Xv4nAjsBYeLTJEVOb1gPQFXOiFcVp3gaKAzX | |
|
31 | GWOZ/mtG/uaNsabH/3TkcQQEgJefd11DWgMB7575GU+eME7c6hn3FPITA5TC5HUX | |
|
32 | azvjv/PsWGTTVAJluJ3fUDvhpbGwYOh1uV0rB68lPpqVIro18IIJhNDnccM/xqko | |
|
33 | 4fpJdokdg4L1wih+B04OEXnwgjWG8OIphR/oL/+M37VV2U7Om/GE6LGefaYccC9c | |
|
34 | tIaacRQJmZpG/8RsimFIY2wJ07z8xYBITmhMmOt0bLBv0mU0ym5KH9Dnru1m9QDO | |
|
35 | AHwcKrDgL85f9MCn+YYw0d1lYxjOXjf+moaeW3izXCJ5brM+MqVtixY6aos3YO29 | |
|
36 | J7SzQ4aEDv3h/oKdDfZny21jcVPQxGDui8sqaZCi8usCcyqWsKvFHcr6vkwaufcm | |
|
37 | 3Knr2HKVotOUF5CDZybopIz1sJvY/5Dx9yfRmtivJtglrxoDKsLi1rQTlEQcFhCS | |
|
38 | ACjf7txLtv03vWHxmp4YKQFkkOlbyhIcvfPVLTvqGerdT2FHABEBAAGJAh8EGAEC | |
|
39 | AAkFAlMx2LoCGwwACgkQEwJcLcmZYkgK0BAAny0YUugpZldiHzYNf8I6p2OpiDWv | |
|
40 | ZHaguTTPg2LJSKaTd+5UHZwRFIWjcSiFu+qTGLNtZAdcr0D5f991CPvyDSLYgOwb | |
|
41 | Jm2p3GM2KxfECWzFbB/n/PjbZ5iky3+5sPlOdBR4TkfG4fcu5GwUgCkVe5u3USAk | |
|
42 | C6W5lpeaspDz39HAPRSIOFEX70+xV+6FZ17B7nixFGN+giTpGYOEdGFxtUNmHmf+ | |
|
43 | waJoPECyImDwJvmlMTeP9jfahlB6Pzaxt6TBZYHetI/JR9FU69EmA+XfCSGt5S+0 | |
|
44 | Eoc330gpsSzo2VlxwRCVNrcuKmG7PsFFANok05ssFq1/Djv5rJ++3lYb88b8HSP2 | |
|
45 | 3pQJPrM7cQNU8iPku9yLXkY5qsoZOH+3yAia554Dgc8WBhp6fWh58R0dIONQxbbo | |
|
46 | apNdwvlI8hKFB7TiUL6PNShE1yL+XD201iNkGAJXbLMIC1ImGLirUfU267A3Cop5 | |
|
47 | hoGs179HGBcyj/sKA3uUIFdNtP+NndaP3v4iYhCitdVCvBJMm6K3tW88qkyRGzOk | |
|
48 | 4PW422oyWKwbAPeMk5PubvEFuFAIoBAFn1zecrcOg85RzRnEeXaiemmmH8GOe1Xu | |
|
49 | Kh+7h8XXyG6RPFy8tCcLOTk+miTqX+4VWy+kVqoS2cQ5IV8WsJ3S7aeIy0H89Z8n | |
|
50 | 5vmLc+Ibz+eT+rM= | |
|
51 | =XVDe | |
|
52 | -----END PGP PUBLIC KEY BLOCK----- |
@@ -0,0 +1,146 b'' | |||
|
1 | Security in IPython notebooks | |
|
2 | ============================= | |
|
3 | ||
|
4 | As IPython notebooks become more popular for sharing and collaboration, | |
|
5 | the potential for malicious people to attempt to exploit the notebook | |
|
6 | for their nefarious purposes increases. IPython 2.0 introduces a | |
|
7 | security model to prevent execution of untrusted code without explicit | |
|
8 | user input. | |
|
9 | ||
|
10 | The problem | |
|
11 | ----------- | |
|
12 | ||
|
13 | The whole point of IPython is arbitrary code execution. We have no | |
|
14 | desire to limit what can be done with a notebook, which would negatively | |
|
15 | impact its utility. | |
|
16 | ||
|
17 | Unlike other programs, an IPython notebook document includes output. | |
|
18 | Unlike other documents, that output exists in a context that can execute | |
|
19 | code (via Javascript). | |
|
20 | ||
|
21 | The security problem we need to solve is that no code should execute | |
|
22 | just because a user has **opened** a notebook that **they did not | |
|
23 | write**. Like any other program, once a user decides to execute code in | |
|
24 | a notebook, it is considered trusted, and should be allowed to do | |
|
25 | anything. | |
|
26 | ||
|
27 | Our security model | |
|
28 | ------------------ | |
|
29 | ||
|
30 | - Untrusted HTML is always sanitized | |
|
31 | - Untrusted Javascript is never executed | |
|
32 | - HTML and Javascript in Markdown cells are never trusted | |
|
33 | - **Outputs** generated by the user are trusted | |
|
34 | - Any other HTML or Javascript (in Markdown cells, output generated by | |
|
35 | others) is never trusted | |
|
36 | - The central question of trust is "Did the current user do this?" | |
|
37 | ||
|
38 | The details of trust | |
|
39 | -------------------- | |
|
40 | ||
|
41 | IPython notebooks store a signature in metadata, which is used to answer | |
|
42 | the question "Did the current user do this?" | |
|
43 | ||
|
44 | This signature is a digest of the notebooks contents plus a secret key, | |
|
45 | known only to the user. The secret key is a user-only readable file in | |
|
46 | the IPython profile's security directory. By default, this is:: | |
|
47 | ||
|
48 | ~/.ipython/profile_default/security/notebook_secret | |
|
49 | ||
|
50 | When a notebook is opened by a user, the server computes a signature | |
|
51 | with the user's key, and compares it with the signature stored in the | |
|
52 | notebook's metadata. If the signature matches, HTML and Javascript | |
|
53 | output in the notebook will be trusted at load, otherwise it will be | |
|
54 | untrusted. | |
|
55 | ||
|
56 | Any output generated during an interactive session is trusted. | |
|
57 | ||
|
58 | Updating trust | |
|
59 | ************** | |
|
60 | ||
|
61 | A notebook's trust is updated when the notebook is saved. If there are | |
|
62 | any untrusted outputs still in the notebook, the notebook will not be | |
|
63 | trusted, and no signature will be stored. If all untrusted outputs have | |
|
64 | been removed (either via ``Clear Output`` or re-execution), then the | |
|
65 | notebook will become trusted. | |
|
66 | ||
|
67 | While trust is updated per output, this is only for the duration of a | |
|
68 | single session. A notebook file on disk is either trusted or not in its | |
|
69 | entirety. | |
|
70 | ||
|
71 | Explicit trust | |
|
72 | ************** | |
|
73 | ||
|
74 | Sometimes re-executing a notebook to generate trusted output is not an | |
|
75 | option, either because dependencies are unavailable, or it would take a | |
|
76 | long time. Users can explicitly trust a notebook in two ways: | |
|
77 | ||
|
78 | - At the command-line, with:: | |
|
79 | ||
|
80 | ipython trust /path/to/notebook.ipynb | |
|
81 | ||
|
82 | - After loading the untrusted notebook, with ``File / Trust Notebook`` | |
|
83 | ||
|
84 | These two methods simply load the notebook, compute a new signature with | |
|
85 | the user's key, and then store the newly signed notebook. | |
|
86 | ||
|
87 | Reporting security issues | |
|
88 | ------------------------- | |
|
89 | ||
|
90 | If you find a security vulnerability in IPython, either a failure of the | |
|
91 | code to properly implement the model described here, or a failure of the | |
|
92 | model itself, please report it to security@ipython.org. | |
|
93 | ||
|
94 | If you prefer to encrypt your security reports, | |
|
95 | you can use :download:`this PGP public key <ipython_security.asc>`. | |
|
96 | ||
|
97 | Affected use cases | |
|
98 | ------------------ | |
|
99 | ||
|
100 | Some use cases that work in IPython 1.0 will become less convenient in | |
|
101 | 2.0 as a result of the security changes. We do our best to minimize | |
|
102 | these annoyance, but security is always at odds with convenience. | |
|
103 | ||
|
104 | Javascript and CSS in Markdown cells | |
|
105 | ************************************ | |
|
106 | ||
|
107 | While never officially supported, it had become common practice to put | |
|
108 | hidden Javascript or CSS styling in Markdown cells, so that they would | |
|
109 | not be visible on the page. Since Markdown cells are now sanitized (by | |
|
110 | `Google Caja <https://developers.google.com/caja>`__), all Javascript | |
|
111 | (including click event handlers, etc.) and CSS will be stripped. | |
|
112 | ||
|
113 | We plan to provide a mechanism for notebook themes, but in the meantime | |
|
114 | styling the notebook can only be done via either ``custom.css`` or CSS | |
|
115 | in HTML output. The latter only have an effect if the notebook is | |
|
116 | trusted, because otherwise the output will be sanitized just like | |
|
117 | Markdown. | |
|
118 | ||
|
119 | Collaboration | |
|
120 | ************* | |
|
121 | ||
|
122 | When collaborating on a notebook, people probably want to see the | |
|
123 | outputs produced by their colleagues' most recent executions. Since each | |
|
124 | collaborator's key will differ, this will result in each share starting | |
|
125 | in an untrusted state. There are three basic approaches to this: | |
|
126 | ||
|
127 | - re-run notebooks when you get them (not always viable) | |
|
128 | - explicitly trust notebooks via ``ipython trust`` or the notebook menu | |
|
129 | (annoying, but easy) | |
|
130 | - share a notebook secret, and use an IPython profile dedicated to the | |
|
131 | collaboration while working on the project. | |
|
132 | ||
|
133 | Multiple profiles or machines | |
|
134 | ***************************** | |
|
135 | ||
|
136 | Since the notebook secret is stored in a profile directory by default, | |
|
137 | opening a notebook with a different profile or on a different machine | |
|
138 | will result in a different key, and thus be untrusted. The only current | |
|
139 | way to address this is by sharing the notebook secret. This can be | |
|
140 | facilitated by setting the configurable: | |
|
141 | ||
|
142 | .. sourcecode:: python | |
|
143 | ||
|
144 | c.NotebookApp.secret_file = "/path/to/notebook_secret" | |
|
145 | ||
|
146 | in each profile, and only sharing the secret once per machine. |
@@ -1,9 +1,9 b'' | |||
|
1 | 1 | <html> |
|
2 | 2 | <head> |
|
3 | <meta http-equiv="Refresh" content="0; url=notebook.html" /> | |
|
4 |
<title>Notebook |
|
|
5 |
</head> |
|
|
3 | <meta http-equiv="Refresh" content="0; url=../notebook/index.html" /> | |
|
4 | <title>Notebook docs have moved</title> | |
|
5 | </head> | |
|
6 | 6 | <body> |
|
7 |
<p>The notebook |
|
|
7 | <p>The notebook docs have moved <a href="../notebook/index.html">here</a>.</p> | |
|
8 | 8 | </body> |
|
9 | 9 | </html> |
@@ -1,246 +1,249 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | # |
|
3 | 3 | # IPython documentation build configuration file. |
|
4 | 4 | |
|
5 | 5 | # NOTE: This file has been edited manually from the auto-generated one from |
|
6 | 6 | # sphinx. Do NOT delete and re-generate. If any changes from sphinx are |
|
7 | 7 | # needed, generate a scratch one and merge by hand any new fields needed. |
|
8 | 8 | |
|
9 | 9 | # |
|
10 | 10 | # This file is execfile()d with the current directory set to its containing dir. |
|
11 | 11 | # |
|
12 | 12 | # The contents of this file are pickled, so don't put values in the namespace |
|
13 | 13 | # that aren't pickleable (module imports are okay, they're removed automatically). |
|
14 | 14 | # |
|
15 | 15 | # All configuration values have a default value; values that are commented out |
|
16 | 16 | # serve to show the default value. |
|
17 | 17 | |
|
18 | 18 | import sys, os |
|
19 | 19 | |
|
20 | 20 | ON_RTD = os.environ.get('READTHEDOCS', None) == 'True' |
|
21 | 21 | |
|
22 | 22 | if ON_RTD: |
|
23 | 23 | # Mock the presence of matplotlib, which we don't have on RTD |
|
24 | 24 | # see |
|
25 | 25 | # http://read-the-docs.readthedocs.org/en/latest/faq.html |
|
26 | 26 | tags.add('rtd') |
|
27 | 27 | |
|
28 | 28 | # If your extensions are in another directory, add it here. If the directory |
|
29 | 29 | # is relative to the documentation root, use os.path.abspath to make it |
|
30 | 30 | # absolute, like shown here. |
|
31 | 31 | sys.path.insert(0, os.path.abspath('../sphinxext')) |
|
32 | 32 | |
|
33 | 33 | # We load the ipython release info into a dict by explicit execution |
|
34 | 34 | iprelease = {} |
|
35 | 35 | execfile('../../IPython/core/release.py',iprelease) |
|
36 | 36 | |
|
37 | 37 | # General configuration |
|
38 | 38 | # --------------------- |
|
39 | 39 | |
|
40 | 40 | # Add any Sphinx extension module names here, as strings. They can be extensions |
|
41 | 41 | # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. |
|
42 | 42 | extensions = [ |
|
43 | 43 | 'matplotlib.sphinxext.mathmpl', |
|
44 | 44 | 'matplotlib.sphinxext.only_directives', |
|
45 | 45 | 'matplotlib.sphinxext.plot_directive', |
|
46 | 46 | 'sphinx.ext.autodoc', |
|
47 | 47 | 'sphinx.ext.autosummary', |
|
48 | 48 | 'sphinx.ext.doctest', |
|
49 | 49 | 'sphinx.ext.inheritance_diagram', |
|
50 | 50 | 'sphinx.ext.intersphinx', |
|
51 | 51 | 'IPython.sphinxext.ipython_console_highlighting', |
|
52 | 52 | 'IPython.sphinxext.ipython_directive', |
|
53 | 53 | 'numpydoc', # to preprocess docstrings |
|
54 | 54 | 'github', # for easy GitHub links |
|
55 | 55 | ] |
|
56 | 56 | |
|
57 | 57 | if ON_RTD: |
|
58 | 58 | # Remove extensions not currently supported on RTD |
|
59 | 59 | extensions.remove('matplotlib.sphinxext.only_directives') |
|
60 | 60 | extensions.remove('matplotlib.sphinxext.mathmpl') |
|
61 | 61 | extensions.remove('matplotlib.sphinxext.plot_directive') |
|
62 | 62 | extensions.remove('IPython.sphinxext.ipython_directive') |
|
63 | 63 | extensions.remove('IPython.sphinxext.ipython_console_highlighting') |
|
64 | 64 | |
|
65 | 65 | # Add any paths that contain templates here, relative to this directory. |
|
66 | 66 | templates_path = ['_templates'] |
|
67 | 67 | |
|
68 | 68 | # The suffix of source filenames. |
|
69 | 69 | source_suffix = '.rst' |
|
70 | 70 | |
|
71 | 71 | if iprelease['_version_extra']: |
|
72 | 72 | rst_prolog = """ |
|
73 | 73 | .. note:: |
|
74 | 74 | |
|
75 | 75 | This documentation is for a development version of IPython. There may be |
|
76 | 76 | significant differences from the latest stable release (1.2.1). |
|
77 | 77 | |
|
78 | 78 | """ |
|
79 | 79 | |
|
80 | 80 | # The master toctree document. |
|
81 | 81 | master_doc = 'index' |
|
82 | 82 | |
|
83 | 83 | # General substitutions. |
|
84 | 84 | project = 'IPython' |
|
85 | 85 | copyright = '2008, The IPython Development Team' |
|
86 | 86 | |
|
87 | 87 | # ghissue config |
|
88 | 88 | github_project_url = "https://github.com/ipython/ipython" |
|
89 | 89 | |
|
90 | 90 | # numpydoc config |
|
91 | 91 | numpydoc_show_class_members = False # Otherwise Sphinx emits thousands of warnings |
|
92 | 92 | numpydoc_class_members_toctree = False |
|
93 | 93 | |
|
94 | 94 | # The default replacements for |version| and |release|, also used in various |
|
95 | 95 | # other places throughout the built documents. |
|
96 | 96 | # |
|
97 | 97 | # The full version, including alpha/beta/rc tags. |
|
98 | 98 | codename = iprelease['codename'] |
|
99 | 99 | release = "%s: %s" % (iprelease['version'], codename) |
|
100 | 100 | # Just the X.Y.Z part, no '-dev' |
|
101 | 101 | version = iprelease['version'].split('-', 1)[0] |
|
102 | 102 | |
|
103 | 103 | |
|
104 | 104 | # There are two options for replacing |today|: either, you set today to some |
|
105 | 105 | # non-false value, then it is used: |
|
106 | 106 | #today = '' |
|
107 | 107 | # Else, today_fmt is used as the format for a strftime call. |
|
108 | 108 | today_fmt = '%B %d, %Y' |
|
109 | 109 | |
|
110 | 110 | # List of documents that shouldn't be included in the build. |
|
111 | 111 | #unused_docs = [] |
|
112 | 112 | |
|
113 | 113 | # List of directories, relative to source directories, that shouldn't be searched |
|
114 | 114 | # for source files. |
|
115 | 115 | exclude_dirs = ['attic'] |
|
116 | 116 | |
|
117 | 117 | # If true, '()' will be appended to :func: etc. cross-reference text. |
|
118 | 118 | #add_function_parentheses = True |
|
119 | 119 | |
|
120 | 120 | # If true, the current module name will be prepended to all description |
|
121 | 121 | # unit titles (such as .. function::). |
|
122 | 122 | #add_module_names = True |
|
123 | 123 | |
|
124 | 124 | # If true, sectionauthor and moduleauthor directives will be shown in the |
|
125 | 125 | # output. They are ignored by default. |
|
126 | 126 | #show_authors = False |
|
127 | 127 | |
|
128 | 128 | # The name of the Pygments (syntax highlighting) style to use. |
|
129 | 129 | pygments_style = 'sphinx' |
|
130 | 130 | |
|
131 | 131 | |
|
132 | 132 | # Options for HTML output |
|
133 | 133 | # ----------------------- |
|
134 | 134 | |
|
135 | 135 | # The style sheet to use for HTML and HTML Help pages. A file of that name |
|
136 | 136 | # must exist either in Sphinx' static/ path, or in one of the custom paths |
|
137 | 137 | # given in html_static_path. |
|
138 | 138 | html_style = 'default.css' |
|
139 | 139 | |
|
140 | 140 | # The name for this set of Sphinx documents. If None, it defaults to |
|
141 | 141 | # "<project> v<release> documentation". |
|
142 | 142 | #html_title = None |
|
143 | 143 | |
|
144 | 144 | # The name of an image file (within the static path) to place at the top of |
|
145 | 145 | # the sidebar. |
|
146 | 146 | #html_logo = None |
|
147 | 147 | |
|
148 | 148 | # Add any paths that contain custom static files (such as style sheets) here, |
|
149 | 149 | # relative to this directory. They are copied after the builtin static files, |
|
150 | 150 | # so a file named "default.css" will overwrite the builtin "default.css". |
|
151 | 151 | html_static_path = ['_static'] |
|
152 | 152 | |
|
153 | 153 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, |
|
154 | 154 | # using the given strftime format. |
|
155 | 155 | html_last_updated_fmt = '%b %d, %Y' |
|
156 | 156 | |
|
157 | 157 | # If true, SmartyPants will be used to convert quotes and dashes to |
|
158 | 158 | # typographically correct entities. |
|
159 | 159 | #html_use_smartypants = True |
|
160 | 160 | |
|
161 | 161 | # Custom sidebar templates, maps document names to template names. |
|
162 | 162 | #html_sidebars = {} |
|
163 | 163 | |
|
164 | 164 | # Additional templates that should be rendered to pages, maps page names to |
|
165 | 165 | # template names. |
|
166 | 166 | html_additional_pages = { |
|
167 |
|
|
|
167 | 'interactive/htmlnotebook': 'notebook_redirect.html', | |
|
168 | 'interactive/notebook': 'notebook_redirect.html', | |
|
169 | 'interactive/nbconvert': 'notebook_redirect.html', | |
|
170 | 'interactive/public_server': 'notebook_redirect.html', | |
|
168 | 171 | } |
|
169 | 172 | |
|
170 | 173 | # If false, no module index is generated. |
|
171 | 174 | #html_use_modindex = True |
|
172 | 175 | |
|
173 | 176 | # If true, the reST sources are included in the HTML build as _sources/<name>. |
|
174 | 177 | #html_copy_source = True |
|
175 | 178 | |
|
176 | 179 | # If true, an OpenSearch description file will be output, and all pages will |
|
177 | 180 | # contain a <link> tag referring to it. The value of this option must be the |
|
178 | 181 | # base URL from which the finished HTML is served. |
|
179 | 182 | #html_use_opensearch = '' |
|
180 | 183 | |
|
181 | 184 | # If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). |
|
182 | 185 | #html_file_suffix = '' |
|
183 | 186 | |
|
184 | 187 | # Output file base name for HTML help builder. |
|
185 | 188 | htmlhelp_basename = 'ipythondoc' |
|
186 | 189 | |
|
187 | 190 | intersphinx_mapping = {'python': ('http://docs.python.org/2/', None)} |
|
188 | 191 | |
|
189 | 192 | # Options for LaTeX output |
|
190 | 193 | # ------------------------ |
|
191 | 194 | |
|
192 | 195 | # The paper size ('letter' or 'a4'). |
|
193 | 196 | latex_paper_size = 'letter' |
|
194 | 197 | |
|
195 | 198 | # The font size ('10pt', '11pt' or '12pt'). |
|
196 | 199 | latex_font_size = '11pt' |
|
197 | 200 | |
|
198 | 201 | # Grouping the document tree into LaTeX files. List of tuples |
|
199 | 202 | # (source start file, target name, title, author, document class [howto/manual]). |
|
200 | 203 | |
|
201 | 204 | latex_documents = [ |
|
202 | 205 | ('index', 'ipython.tex', 'IPython Documentation', |
|
203 | 206 | ur"""The IPython Development Team""", 'manual', True), |
|
204 | 207 | ('parallel/winhpc_index', 'winhpc_whitepaper.tex', |
|
205 | 208 | 'Using IPython on Windows HPC Server 2008', |
|
206 | 209 | ur"Brian E. Granger", 'manual', True) |
|
207 | 210 | ] |
|
208 | 211 | |
|
209 | 212 | # The name of an image file (relative to this directory) to place at the top of |
|
210 | 213 | # the title page. |
|
211 | 214 | #latex_logo = None |
|
212 | 215 | |
|
213 | 216 | # For "manual" documents, if this is true, then toplevel headings are parts, |
|
214 | 217 | # not chapters. |
|
215 | 218 | #latex_use_parts = False |
|
216 | 219 | |
|
217 | 220 | # Additional stuff for the LaTeX preamble. |
|
218 | 221 | #latex_preamble = '' |
|
219 | 222 | |
|
220 | 223 | # Documents to append as an appendix to all manuals. |
|
221 | 224 | #latex_appendices = [] |
|
222 | 225 | |
|
223 | 226 | # If false, no module index is generated. |
|
224 | 227 | latex_use_modindex = True |
|
225 | 228 | |
|
226 | 229 | |
|
227 | 230 | # Options for texinfo output |
|
228 | 231 | # -------------------------- |
|
229 | 232 | |
|
230 | 233 | texinfo_documents = [ |
|
231 | 234 | (master_doc, 'ipython', 'IPython Documentation', |
|
232 | 235 | 'The IPython Development Team', |
|
233 | 236 | 'IPython', |
|
234 | 237 | 'IPython Documentation', |
|
235 | 238 | 'Programming', |
|
236 | 239 | 1), |
|
237 | 240 | ] |
|
238 | 241 | |
|
239 | 242 | modindex_common_prefix = ['IPython.'] |
|
240 | 243 | |
|
241 | 244 | |
|
242 | 245 | # Cleanup |
|
243 | 246 | # ------- |
|
244 | 247 | # delete release info to avoid pickling errors from sphinx |
|
245 | 248 | |
|
246 | 249 | del iprelease |
@@ -1,38 +1,39 b'' | |||
|
1 | 1 | ===================== |
|
2 | 2 | IPython Documentation |
|
3 | 3 | ===================== |
|
4 | 4 | |
|
5 | 5 | .. htmlonly:: |
|
6 | 6 | |
|
7 | 7 | :Release: |release| |
|
8 | 8 | :Date: |today| |
|
9 | 9 | |
|
10 | 10 | .. only:: not rtd |
|
11 | 11 | |
|
12 | 12 | Welcome to the official IPython documentation. |
|
13 | 13 | |
|
14 | 14 | .. only:: rtd |
|
15 | 15 | |
|
16 | 16 | This is a partial copy of IPython documentation, please visit `IPython official documentation <http://ipython.org/documentation.html>`_. |
|
17 | 17 | |
|
18 | 18 | Contents |
|
19 | 19 | ======== |
|
20 | 20 | |
|
21 | 21 | .. toctree:: |
|
22 | 22 | :maxdepth: 1 |
|
23 | 23 | |
|
24 | 24 | overview |
|
25 | 25 | whatsnew/index |
|
26 | 26 | install/index |
|
27 | 27 | interactive/index |
|
28 | notebook/index | |
|
28 | 29 | parallel/index |
|
29 | 30 | config/index |
|
30 | 31 | development/index |
|
31 | 32 | api/index |
|
32 | 33 | about/index |
|
33 | 34 | |
|
34 | 35 | .. htmlonly:: |
|
35 | 36 | * :ref:`genindex` |
|
36 | 37 | * :ref:`modindex` |
|
37 | 38 | * :ref:`search` |
|
38 | 39 |
@@ -1,18 +1,16 b'' | |||
|
1 | 1 | ================================== |
|
2 | 2 | Using IPython for interactive work |
|
3 | 3 | ================================== |
|
4 | 4 | |
|
5 | 5 | .. toctree:: |
|
6 | 6 | :maxdepth: 2 |
|
7 | 7 | |
|
8 | 8 | tutorial |
|
9 | 9 | tips |
|
10 | 10 | reference |
|
11 | 11 | shell |
|
12 | 12 | qtconsole |
|
13 | notebook | |
|
14 | cm_keyboard | |
|
15 | nbconvert | |
|
16 | public_server | |
|
17 | 13 | |
|
14 | .. seealso:: | |
|
18 | 15 | |
|
16 | :doc:`/notebook/index` |
|
1 | NO CONTENT: file renamed from docs/source/interactive/cm_keyboard.rst to docs/source/notebook/cm_keyboard.rst |
|
1 | NO CONTENT: file renamed from docs/source/interactive/nbconvert.rst to docs/source/notebook/nbconvert.rst |
|
1 | NO CONTENT: file renamed from docs/source/interactive/notebook.rst to docs/source/notebook/notebook.rst |
@@ -1,159 +1,159 b'' | |||
|
1 | 1 | .. _working_remotely: |
|
2 | 2 | |
|
3 | 3 | Running a notebook server |
|
4 | 4 | ========================= |
|
5 | 5 | |
|
6 | 6 | |
|
7 | 7 | The :ref:`IPython notebook <htmlnotebook>` web-application is based on a |
|
8 | 8 | server-client structure. This server uses a :ref:`two-process kernel |
|
9 | 9 | architecture <ipythonzmq>` based on ZeroMQ_, as well as Tornado_ for serving |
|
10 | 10 | HTTP requests. By default, a notebook server runs on http://127.0.0.1:8888/ |
|
11 | 11 | and is accessible only from `localhost`. This document describes how you can |
|
12 | 12 | :ref:`secure a notebook server <notebook_security>` and how to :ref:`run it on |
|
13 | 13 | a public interface <notebook_public_server>`. |
|
14 | 14 | |
|
15 | 15 | .. _ZeroMQ: http://zeromq.org |
|
16 | 16 | |
|
17 | 17 | .. _Tornado: http://www.tornadoweb.org |
|
18 | 18 | |
|
19 | 19 | |
|
20 | 20 | .. _notebook_security: |
|
21 | 21 | |
|
22 | Notebook security | |
|
23 | ----------------- | |
|
22 | Securing a notebook server | |
|
23 | -------------------------- | |
|
24 | 24 | |
|
25 | 25 | You can protect your notebook server with a simple single password by |
|
26 | 26 | setting the :attr:`NotebookApp.password` configurable. You can prepare a |
|
27 | 27 | hashed password using the function :func:`IPython.lib.security.passwd`: |
|
28 | 28 | |
|
29 | 29 | .. sourcecode:: ipython |
|
30 | 30 | |
|
31 | 31 | In [1]: from IPython.lib import passwd |
|
32 | 32 | In [2]: passwd() |
|
33 | 33 | Enter password: |
|
34 | 34 | Verify password: |
|
35 | 35 | Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' |
|
36 | 36 | |
|
37 | 37 | .. note:: |
|
38 | 38 | |
|
39 | 39 | :func:`~IPython.lib.security.passwd` can also take the password as a string |
|
40 | 40 | argument. **Do not** pass it as an argument inside an IPython session, as it |
|
41 | 41 | will be saved in your input history. |
|
42 | 42 | |
|
43 | 43 | You can then add this to your :file:`ipython_notebook_config.py`, e.g.:: |
|
44 | 44 | |
|
45 | 45 | # Password to use for web authentication |
|
46 | 46 | c = get_config() |
|
47 | 47 | c.NotebookApp.password = |
|
48 | 48 | u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed' |
|
49 | 49 | |
|
50 | 50 | When using a password, it is a good idea to also use SSL, so that your |
|
51 | 51 | password is not sent unencrypted by your browser. You can start the notebook |
|
52 | 52 | to communicate via a secure protocol mode using a self-signed certificate with |
|
53 | 53 | the command:: |
|
54 | 54 | |
|
55 | 55 | $ ipython notebook --certfile=mycert.pem |
|
56 | 56 | |
|
57 | 57 | .. note:: |
|
58 | 58 | |
|
59 | 59 | A self-signed certificate can be generated with ``openssl``. For example, |
|
60 | 60 | the following command will create a certificate valid for 365 days with |
|
61 | 61 | both the key and certificate data written to the same file:: |
|
62 | 62 | |
|
63 | 63 | $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem |
|
64 | 64 | |
|
65 | 65 | Your browser will warn you of a dangerous certificate because it is |
|
66 | 66 | self-signed. If you want to have a fully compliant certificate that will not |
|
67 | 67 | raise warnings, it is possible (but rather involved) to obtain one, |
|
68 | 68 | as explained in detail in `this tutorial`__. |
|
69 | 69 | |
|
70 | 70 | .. __: http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars |
|
71 | 71 | |
|
72 | 72 | Keep in mind that when you enable SSL support, you will need to access the |
|
73 | 73 | notebook server over ``https://``, not over plain ``http://``. The startup |
|
74 | 74 | message from the server prints this, but it is easy to overlook and think the |
|
75 | 75 | server is for some reason non-responsive. |
|
76 | 76 | |
|
77 | 77 | |
|
78 | 78 | .. _notebook_public_server: |
|
79 | 79 | |
|
80 | 80 | Running a public notebook server |
|
81 | 81 | -------------------------------- |
|
82 | 82 | |
|
83 | 83 | If you want to access your notebook server remotely via a web browser, |
|
84 | 84 | you can do the following. |
|
85 | 85 | |
|
86 | 86 | Start by creating a certificate file and a hashed password, as explained |
|
87 | 87 | above. Then create a custom profile for the notebook, with the following |
|
88 | 88 | command line, type:: |
|
89 | 89 | |
|
90 | 90 | $ ipython profile create nbserver |
|
91 | 91 | |
|
92 | 92 | In the profile directory just created, edit the file |
|
93 | 93 | ``ipython_notebook_config.py``. By default, the file has all fields |
|
94 | 94 | commented; the minimum set you need to uncomment and edit is the following:: |
|
95 | 95 | |
|
96 | 96 | c = get_config() |
|
97 | 97 | |
|
98 | 98 | # Kernel config |
|
99 | 99 | c.IPKernelApp.pylab = 'inline' # if you want plotting support always |
|
100 | 100 | |
|
101 | 101 | # Notebook config |
|
102 | 102 | c.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem' |
|
103 | 103 | c.NotebookApp.ip = '*' |
|
104 | 104 | c.NotebookApp.open_browser = False |
|
105 | 105 | c.NotebookApp.password = u'sha1:bcd259ccf...[your hashed password here]' |
|
106 | 106 | # It is a good idea to put it on a known, fixed port |
|
107 | 107 | c.NotebookApp.port = 9999 |
|
108 | 108 | |
|
109 | 109 | You can then start the notebook and access it later by pointing your browser |
|
110 | 110 | to ``https://your.host.com:9999`` with ``ipython notebook |
|
111 | 111 | --profile=nbserver``. |
|
112 | 112 | |
|
113 | 113 | Running with a different URL prefix |
|
114 | 114 | ----------------------------------- |
|
115 | 115 | |
|
116 | 116 | The notebook dashboard (the landing page with an overview |
|
117 | 117 | of the notebooks in your working directory) typically lives at the URL |
|
118 | 118 | ``http://localhost:8888/``. If you prefer that it lives, together with the |
|
119 | 119 | rest of the notebook, under a sub-directory, |
|
120 | 120 | e.g. ``http://localhost:8888/ipython/``, you can do so with |
|
121 | 121 | configuration options like the following (see above for instructions about |
|
122 | 122 | modifying ``ipython_notebook_config.py``):: |
|
123 | 123 | |
|
124 | 124 | c.NotebookApp.base_url = '/ipython/' |
|
125 | 125 | c.NotebookApp.webapp_settings = {'static_url_prefix':'/ipython/static/'} |
|
126 | 126 | |
|
127 | 127 | Using a different notebook store |
|
128 | 128 | -------------------------------- |
|
129 | 129 | |
|
130 | 130 | By default, the notebook server stores the notebook documents that it saves as |
|
131 | 131 | files in the working directory of the notebook server, also known as the |
|
132 | 132 | ``notebook_dir``. This logic is implemented in the |
|
133 | 133 | :class:`FileNotebookManager` class. However, the server can be configured to |
|
134 | 134 | use a different notebook manager class, which can |
|
135 | 135 | store the notebooks in a different format. |
|
136 | 136 | |
|
137 | 137 | The bookstore_ package currently allows users to store notebooks on Rackspace |
|
138 | 138 | CloudFiles or OpenStack Swift based object stores. |
|
139 | 139 | |
|
140 | 140 | Writing a notebook manager is as simple as extending the base class |
|
141 | 141 | :class:`NotebookManager`. The simple_notebook_manager_ provides a great example |
|
142 | 142 | of an in memory notebook manager, created solely for the purpose of |
|
143 | 143 | illustrating the notebook manager API. |
|
144 | 144 | |
|
145 | 145 | .. _bookstore: https://github.com/rgbkrk/bookstore |
|
146 | 146 | |
|
147 | 147 | .. _simple_notebook_manager: https://github.com/khinsen/simple_notebook_manager |
|
148 | 148 | |
|
149 | 149 | Known issues |
|
150 | 150 | ------------ |
|
151 | 151 | |
|
152 | 152 | When behind a proxy, especially if your system or browser is set to autodetect |
|
153 | 153 | the proxy, the notebook web application might fail to connect to the server's |
|
154 | 154 | websockets, and present you with a warning at startup. In this case, you need |
|
155 | 155 | to configure your system not to use the proxy for the server's address. |
|
156 | 156 | |
|
157 | 157 | For example, in Firefox, go to the Preferences panel, Advanced section, |
|
158 | 158 | Network tab, click 'Settings...', and add the address of the notebook server |
|
159 | 159 | to the 'No proxy for' field. |
General Comments 0
You need to be logged in to leave comments.
Login now