0

I wanted to create a real time demo of a web application based on our own proprietary python package. In the demo the users should be able to import the package and then write and run in real time simple python scripts that explore the package features. A public instance of Jupyter notebooks (particularly the implementation of jupyter/tmpnb) would be an optimal solution, but I am concerned that the users will be able to access the proprietary python code just by using Jupyter's magic commands (i.e. by accessing shell commands) and navigating at will through the directory system of the server running the public instance. Is there any alternative to Jupyter notebooks that I can use for this? (i.e. to set up an interactive real time session for the users of the demo, so they can do their python tests of the package without being able to access the package code). Any suggestions on what the best way of doing this will be appreciated. Thanks a lot.

Jose Sanchez
  • 11
  • 2

1 Answers1

0

If you containerise properly (e.g. by using Docker) then you can easily create environments for your users to mess around in and that makes them unable to access the server's folders.

In fact, if you mess around with the tmpnb server, and open a terminal you'll notice that the users don't have access to anything other than their own container's folder. So you can just follow the tmpnb readme instructions.

Plus, you can always set everything up and then try and access your proprietary code yourself to give yourself extra comfort that your code is truly safe and that the users only have access to a very limited environment.

Louise Davies
  • 14,781
  • 6
  • 38
  • 41
  • Hi, thanks a lot for the answer, I'm confused: I was playing a bit in tmpnb server (through the link you provided) and was able to access the server directories just by using magic commands: %cd .. , %ls , etc, what I am missing here? Thanks. – Jose Sanchez Jul 11 '17 at 09:41
  • Hmm, I digot myself mixed up between protecting the main server and not the files in the notebook server - Juyterhub doesn't care what a user does to their own server as long as it protects the main server. I don't think you can actually block access to the filesystem as python itself can access the filesystem via subproccess. You'd have to create a custom kernel that blocks every single possible filesystem command you don't like. Sorry to have gotten your hopes up :( – Louise Davies Jul 11 '17 at 09:55