[GitHub] [zeppelin] Reamer commented on a diff in pull request #4478: [ZEPPELIN-5830] Add Zeppelin Security page to the website

[GitBox <gi...@apache.org>]

Reamer commented on code in PR #4478:
URL: https://github.com/apache/zeppelin/pull/4478#discussion_r993352854


##########
security.md:
##########
@@ -0,0 +1,75 @@
+# Zeppelin Security
+
+This page explains what security characteristics can be expected from
+Zeppelin, what measures operators of a Zeppelin instance will have to
+take, and how to report any security issues found in the Zeppelin
+software.
+
+## Code execution on the server
+
+It is the nature of the Zeppelin software that it allows
+uploading code from the browser and executing it on the server.
+
+Because of this, you should make sure your Zeppelin instance is only
+available to trusted users, and the server on which Zeppelin is
+installed does not contain any secrets or have privileges beyond
+those the users are trusted with.
+
+### Zeppelin on Docker
+
+An exception to the above is when the Zeppelin interpreter
+is [run in a Docker container](https://zeppelin.apache.org/docs/latest/quickstart/docker.html).
+This isolates the operating environment of the interpreter through the docker container.
+
+### Zeppelin on Kubernetes
+
+A similar exception exists when Zeppelin is
+[deployed on Kubernetes](https://zeppelin.apache.org/docs/latest/quickstart/kubernetes.html).
+In this case Zeppelin creates pods for individual interpreters,
+and also the Spark interpreter is auto configured to use Spark
+on Kubernetes in client mode.
+
+## JavaScript code execution in the browser
+
+Zeppelin allows notes to produce rich output, including HTML and even
+executing JavaScript code. This means that when users view each others'
+notes, HTML and JavaScript controlled by the creator of the note will
+be executed in the browser that views it.
+
+Because of this, you should make sure your Zeppelin instance is only
+available to trusted users. When deploying Zeppelin on a domain that
+is shared with other applications, appropriate measures may have to be
+taken to avoid a compromised Zeppelin notebook to also grant access
+to other services on the same domain.
+
+## Authentication
+
+If you expose your Zeppelin instance on a network you don't fully trust,
+you should configure [Apache Shiro authentication](https://zeppelin.apache.org/docs/latest/setup/security/shiro_authentication.html).
+
+Non-authenticated users cannot view, store or execute notes, so they
+cannot execute code on the server or on other users' browsers.
+Authenticated users, however, have the same access as described above,
+so even when using authentication it is still important to only give
+trusted users access to Zeppelin. Specifically, users have access to

Review Comment:
   Owner of Notes can set permissions on it. Therefore, an authenticated user does not see all Notes of all other users.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org