#7635: notebook -- make it trivial for any user to restrict the notebook server
to
only listen on certain subdomain
---------------------------+------------------------------------------------
Reporter: was | Owner: was
Type: enhancement | Status: needs_review
Priority: major | Milestone: sage-4.3
Component: notebook | Keywords:
Work_issues: | Author: William Stein
Upstream: N/A | Reviewer: Dan Drake
Merged: |
---------------------------+------------------------------------------------
Comment(by ddrake):
Replying to [comment:10 was]:
> Wow! Your localhost is 127.0.1.1? What operating system is that on?
For me on OS X and sage.math, localhost is 127.0.0.1. On Wikipedia it
says "Localhost always translates to the loopback IP address 127.0.0.1 in
IPv4."
I'm using Ubuntu 9.10. You're right that localhost always resolves to
127.0.0.1, but apparently connections over the loopback network interface
can get assigned IP addresses other than that.
The source of all this confusion is that I've never actually given a real
value to {{{address}}}! I have only ever given {{{address=''}}} to listen
to everything, or not specified it at all to make it do localhost only. My
computer is klee.kaist.ac.kr and I tried address='klee', so maybe I should
go back and try some more.
> Your patch has 127.0.0.1/8 by the way.
I noticed. I should change that, although the /8 bitmask means that the
last three octets don't matter.
> I guess your micro patch doesn't quite work because of the line {{{if
'127.0.0.1' not in subnets:}}} right above the insert line.
I noticed that before, but it's not going to make a big difference -- if
someone puts '127.0.0.1/8' or whatever into subnets, then the resulting
list in memory would be something like
{{{
['127.0.0.0/8', something, '127.0.0.1/8']
}}}
which won't make any real difference with access control.
> Also, are you sure about your patch? You say: Try
{{{notebook(address='x.y.z', subnets=['blah'])}}} But as soon as you
explicitly specify the address then Twisted only listens on that interface
and ignores localhost or any other interface (localhost is just a network
interface like any other).
>
> So unless I'm missing something (I usually am!) we shouldn't apply your
micro patch and should change this back to "positive review". What do
you think?
I think I'm going to play around with the address keyword some more until
I understand how it works. Maybe the patch at #7639 isn't quite right; do
we need the name of an ''interface'' (such as "eth0" or "lo") or an IP
address to which that interface is bound? I'll play around a bit more and
report back.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/7635#comment:11>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
