On Tue, 31 Jul 2012, Maarten Derickx wrote:

How have you installed sage for department or university? There are at
least six options:

6) Have iptables to redirect port 443 to (for example) 8000.

I think it is a good idea to run sage on a privileged port, since this
makes it slightly harder to replace your sage notebook by a fake copy of
your sage notebook to do evil things. That's why I don't like 6).

You are right.

5) Use authbind. Seems to work. Needs one extra component.

I'd say just use option 5) if sage is the only service on that server that
needs port 443.

OK, I'll do that.

A way more important security issue is that you really should use the
server_pool option of the notebook() command, to specify that the notebook
process (the sage server) and the worksheet process (the process that runs
the calculations) run as a separate user. This prevents the users on your
system from being able to kill the server process.

Thanks for this.

So, basically, notebook(...) without the server_pool option is insecure. (Which makes me think why it is even possible to use it... at least without an option like "forget-security=yes" :=) )

--
Jori Mäntysalo
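
The two points raised in this thread (listening on a privileged port, and running the server and worksheet processes as separate users) can be checked mechanically. The following is an added example, not code from the thread or from Sage; the `Proc` record, the role labels, and the sample uids and ports are constructed for illustration, and `can_signal` is a simplified form of the POSIX kill(2) permission rule.

```python
from dataclasses import dataclass

# On Linux, binding a port below this needs root, CAP_NET_BIND_SERVICE,
# or a helper such as authbind.
PRIVILEGED_PORT_LIMIT = 1024

@dataclass
class Proc:
    role: str      # "server" or "worksheet" (labels assumed for this example)
    uid: int       # uid the process runs as
    port: int = 0  # listening port, 0 if the process does not listen

def can_signal(sender_uid: int, target_uid: int) -> bool:
    """Simplified kill(2) rule: root or the same uid may signal the target."""
    return sender_uid == 0 or sender_uid == target_uid

def audit(procs):
    """Return findings for a described notebook deployment."""
    findings = []
    servers = [p for p in procs if p.role == "server"]
    worksheets = [p for p in procs if p.role == "worksheet"]
    for s in servers:
        if s.port >= PRIVILEGED_PORT_LIMIT:
            # An unprivileged port can be bound by any local user
            # whenever the real server is not holding it.
            findings.append(f"server port {s.port} is unprivileged")
        for w in worksheets:
            if can_signal(w.uid, s.uid):
                # Code run in a worksheet could stop the server.
                findings.append(
                    f"worksheet uid {w.uid} can signal server uid {s.uid}")
    return findings

# Constructed sample deployments.
# Redirect to port 8000, no separate worksheet user:
WEAK = [Proc("server", 1001, 8000), Proc("worksheet", 1001)]
# Port 443 via authbind, worksheets under their own uid:
HARDENED = [Proc("server", 1001, 443), Proc("worksheet", 1002)]

if __name__ == "__main__":
    for name, deployment in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(deployment))
```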
