You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2022/10/12 08:52:38 UTC

[GitHub] [zeppelin] raboof opened a new pull request, #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

raboof opened a new pull request, #4478:
URL: https://github.com/apache/zeppelin/pull/4478

   ### What is this PR for?
   
   This PR adds a 'Security' page to the website explaining what security characteristics people can expect from Zeppelin, and how to report any security issues people might find.
   
   ### What type of PR is it?
   Improvement
   Documentation
   
   ### What is the Jira issue?
   
   [ZEPPELIN-5830](https://issues.apache.org/jira/browse/ZEPPELIN-5830)
   
   ### How should this be tested?
   
   I had trouble running jekyll on my machine, so I have not verified the link in the menu and the page itself look good when rendered yet.
   
   ### Questions:
   * Does the licenses files need to update? no
   * Is there breaking changes for older versions? no
   * Does this needs documentation? no
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zeppelin] Reamer commented on a diff in pull request #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

Posted by GitBox <gi...@apache.org>.

Reamer commented on code in PR #4478:
URL: https://github.com/apache/zeppelin/pull/4478#discussion_r993352854


##########
security.md:
##########
@@ -0,0 +1,75 @@
+# Zeppelin Security
+
+This page explains what security characteristics can be expected from
+Zeppelin, what measures operators of a Zeppelin instance will have to
+take, and how to report any security issues found in the Zeppelin
+software.
+
+## Code execution on the server
+
+It is the nature of the Zeppelin software that it allows
+uploading code from the browser and executing it on the server.
+
+Because of this, you should make sure your Zeppelin instance is only
+available to trusted users, and the server on which Zeppelin is
+installed does not contain any secrets or have privileges beyond
+those the users are trusted with.
+
+### Zeppelin on Docker
+
+An exception to the above is when the Zeppelin interpreter
+is [run in a Docker container](https://zeppelin.apache.org/docs/latest/quickstart/docker.html).
+This isolates the operating environment of the interpreter through the docker container.
+
+### Zeppelin on Kubernetes
+
+A similar exception exists when Zeppelin is
+[deployed on Kubernetes](https://zeppelin.apache.org/docs/latest/quickstart/kubernetes.html).
+In this case Zeppelin creates pods for individual interpreters,
+and also the Spark interpreter is auto configured to use Spark
+on Kubernetes in client mode.
+
+## JavaScript code execution in the browser
+
+Zeppelin allows notes to produce rich output, including HTML and even
+executing JavaScript code. This means that when users view each others'
+notes, HTML and JavaScript controlled by the creator of the note will
+be executed in the browser that views it.
+
+Because of this, you should make sure your Zeppelin instance is only
+available to trusted users. When deploying Zeppelin on a domain that
+is shared with other applications, appropriate measures may have to be
+taken to avoid a compromised Zeppelin notebook to also grant access
+to other services on the same domain.
+
+## Authentication
+
+If you expose your Zeppelin instance on a network you don't fully trust,
+you should configure [Apache Shiro authentication](https://zeppelin.apache.org/docs/latest/setup/security/shiro_authentication.html).
+
+Non-authenticated users cannot view, store or execute notes, so they
+cannot execute code on the server or on other users' browsers.
+Authenticated users, however, have the same access as described above,
+so even when using authentication it is still important to only give
+trusted users access to Zeppelin. Specifically, users have access to

Review Comment:
   Owner of Notes can set permissions on it. Therefore, an authenticated user does not see all Notes of all other users.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zeppelin] zjffdu merged pull request #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

Posted by GitBox <gi...@apache.org>.

zjffdu merged PR #4478:
URL: https://github.com/apache/zeppelin/pull/4478


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zeppelin] Reamer commented on a diff in pull request #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

Posted by GitBox <gi...@apache.org>.

Reamer commented on code in PR #4478:
URL: https://github.com/apache/zeppelin/pull/4478#discussion_r993577573


##########
security.md:
##########
@@ -0,0 +1,75 @@
+# Zeppelin Security
+
+This page explains what security characteristics can be expected from
+Zeppelin, what measures operators of a Zeppelin instance will have to
+take, and how to report any security issues found in the Zeppelin
+software.
+
+## Code execution on the server
+
+It is the nature of the Zeppelin software that it allows
+uploading code from the browser and executing it on the server.
+
+Because of this, you should make sure your Zeppelin instance is only
+available to trusted users, and the server on which Zeppelin is
+installed does not contain any secrets or have privileges beyond
+those the users are trusted with.
+
+### Zeppelin on Docker
+
+An exception to the above is when the Zeppelin interpreter
+is [run in a Docker container](https://zeppelin.apache.org/docs/latest/quickstart/docker.html).
+This isolates the operating environment of the interpreter through the docker container.
+
+### Zeppelin on Kubernetes
+
+A similar exception exists when Zeppelin is
+[deployed on Kubernetes](https://zeppelin.apache.org/docs/latest/quickstart/kubernetes.html).
+In this case Zeppelin creates pods for individual interpreters,
+and also the Spark interpreter is auto configured to use Spark
+on Kubernetes in client mode.
+
+## JavaScript code execution in the browser
+
+Zeppelin allows notes to produce rich output, including HTML and even
+executing JavaScript code. This means that when users view each others'
+notes, HTML and JavaScript controlled by the creator of the note will
+be executed in the browser that views it.
+
+Because of this, you should make sure your Zeppelin instance is only
+available to trusted users. When deploying Zeppelin on a domain that
+is shared with other applications, appropriate measures may have to be
+taken to avoid a compromised Zeppelin notebook to also grant access
+to other services on the same domain.
+
+## Authentication
+
+If you expose your Zeppelin instance on a network you don't fully trust,
+you should configure [Apache Shiro authentication](https://zeppelin.apache.org/docs/latest/setup/security/shiro_authentication.html).
+
+Non-authenticated users cannot view, store or execute notes, so they
+cannot execute code on the server or on other users' browsers.
+Authenticated users, however, have the same access as described above,
+so even when using authentication it is still important to only give
+trusted users access to Zeppelin. Specifically, users have access to

Review Comment:
   Resolved via a personal Slack communication.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zeppelin] zjffdu commented on pull request #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

Posted by GitBox <gi...@apache.org>.

zjffdu commented on PR #4478:
URL: https://github.com/apache/zeppelin/pull/4478#issuecomment-1278390838

   Thanks @raboof , PR LGTM


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zeppelin] Reamer commented on pull request #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

Posted by GitBox <gi...@apache.org>.

Reamer commented on PR #4478:
URL: https://github.com/apache/zeppelin/pull/4478#issuecomment-1278621303

   @zjffdu 
   I am not familiar with the homepage. Please merge the PullRequest if everything fits.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org