To secure containers (as best we can without access to Galaxy's authentication), we need to provide IP address whitelisting for use in the containers. This is already started, but not complete due to Docker issues.
There is a severe security vulnerability produced as a result of this lack of authentication, which we will consider in the following scenario:
Alice is happily using IPython Notebook from within Galaxy. Bob has turned evil and is portscanning Galaxy instances looking for open IPython Notebooks (should be relatively trivial to do, not everyone runs Python Tornado webservers). Bob finds an open notebook, connects to it, and creates a new notebook in which he runs

```
%%bash
cat /import/conf.yaml
```
At this point Bob knows Alice's API key and it's game over for her. He has complete access to all the data she has access to.
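One way the IP allow-list check requested above could be written, as an added example that is not code from this issue or from the Galaxy project. The function names, the allow-listed network and the proxy address are hypothetical, and the proxy handling assumes the container may be reached through a reverse proxy that sets `X-Forwarded-For`.

```python
import ipaddress

def _parse(addr):
    """Parse one address; unwrap IPv4-mapped IPv6. Returns None if invalid."""
    try:
        ip = ipaddress.ip_address(str(addr).strip())
    except ValueError:
        return None
    return getattr(ip, "ipv4_mapped", None) or ip

def _in_any(ip, networks):
    return any(ip.version == net.version and ip in net for net in networks)

def client_ip(peer, forwarded_for, proxies):
    """Address to authorize, or None (deny) when it cannot be determined.

    X-Forwarded-For is honoured only if the socket peer is a trusted proxy.
    The chain is read right to left and the first hop that is not a trusted
    proxy wins, so entries a client prepends itself are never believed.
    """
    ip = _parse(peer)
    if ip is None or not forwarded_for or not _in_any(ip, proxies):
        return ip
    for hop in reversed(forwarded_for.split(",")):
        ip = _parse(hop)
        if ip is None or not _in_any(ip, proxies):
            return ip  # None here means a malformed header: fail closed
    return ip  # every hop was a trusted proxy

def is_allowed(peer, forwarded_for=None, allowlist=(), trusted_proxies=()):
    """True only if the resolved client address is inside the allow-list."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    proxies = [ipaddress.ip_network(n) for n in trusted_proxies]
    ip = client_ip(peer, forwarded_for, proxies)
    return ip is not None and _in_any(ip, nets)

# Constructed sample values (documentation ranges), not taken from the issue.
ALLOW = ["192.0.2.0/24"]   # hypothetical network the legitimate user comes from
PROXY = ["172.17.0.1"]     # hypothetical reverse proxy in front of the container

if __name__ == "__main__":
    print(is_allowed("192.0.2.10", None, ALLOW, PROXY))          # direct, listed
    print(is_allowed("203.0.113.7", "192.0.2.10", ALLOW, PROXY))  # forged header
    print(is_allowed("172.17.0.1", "192.0.2.10", ALLOW, PROXY))   # via proxy
```

An empty allow-list denies every address, so a container started without one is closed rather than open.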