Ticket #3059 (closed defect: fixed)
[with patch; positive review] notebook -- rewrite notebook(...) function to *not* use SSL by default
| Reported by: | was | Owned by: | boothby |
|---|---|---|---|
| Priority: | major | Milestone: | sage-3.0.1 |
| Component: | notebook | Keywords: | |
| Cc: | Work issues: | ||
| Report Upstream: | Reviewers: | ||
| Authors: | Merged in: | ||
| Dependencies: | Stopgaps: |
Description
Attachments
-
extcode-3059.patch
(3.5 KB) -
added by was 5 years ago.
-
sage-3059.patch
(5.7 KB) -
added by was 5 years ago.
-
sage-3059-doc.patch
(9.5 KB) -
added by TimothyClemans 5 years ago.
Change History
comment:1 Changed 5 years ago by was
The two patches turn ssl off by default, make logins required by default no matter what, print a big warning in a worrisome case, use a token to automate the first login, and fill in the admin username if it is the only possible username.
comment:2 Changed 5 years ago by was
- Summary changed from notebook -- rewrite notebook(...) function to *not* use SSL by default to [with patch; needs review] notebook -- rewrite notebook(...) function to *not* use SSL by default
comment:3 Changed 5 years ago by robertwb
This is mostly to accommodate Firefox 3, right? If two users are running on the same system is it possible to sniff localhost traffic (short of being root, in which case the notebook could be compromised anyways...)? If not, then it looks good (though I have yet to try it out) and if so, is this a risk we're willing to take? (Probably so.)
comment:4 Changed 5 years ago by boothby
AFAIK, it is impossible to sniff localhost without being root. This is not necessarily the case in Windows. We should get a security expert to weigh in on this issue.
First patch appears to be completely orthogonal to the issue -- it seems to globally replace SAGE with Sage. Specifically, if the second patch is not given a positive review soon, please split the first into a new ticket to avoid bitrot.
Second patch appears fine (modulo the security discussion) but I haven't tested it and won't until Wednesday or later.
comment:5 Changed 5 years ago by was
Comments:
- In UNIX (linux and OS X) one definitely cannot sniff localhost unless one's system is purposely seriously misconfigured.
- Windows is not relevant at this point, since there is no native notebook server under windows.
- Boothby's comment that "First patch appears to be completely orthogonal to the issue -- it seems to globally replace SAGE with Sage." isn't right. That patch (1) makes the case change, and (2) adds a template parameter. Both patches need to be applied.
- Timothy Clemans did thoroughly test out the patch and found no bugs particularly caused by the patch, according to his remarks on irc.
comment:6 Changed 5 years ago by was
I give sage-3059-doc.patch (the patch added by Timothy) a possitive review.
comment:7 Changed 5 years ago by TimothyClemans
- Summary changed from [with patch; needs review] notebook -- rewrite notebook(...) function to *not* use SSL by default to [with patch; positive review] notebook -- rewrite notebook(...) function to *not* use SSL by default
Positive review. Tested on sage.math. I doctested twist.py and no errors. I tried various combinations including "secure=True, require_login=False".
