On Wednesday 27 June 2007 11:24, Timothy Clemans wrote:
> Turning off net access altogether for notebook users is not a
> good idea, because there is database stuff in SAGE that uses web sites
> such as Sloane's database. There is a lot of detection software out
> there, so I don't think net access needs to be stopped altogether.

We cannot rely on DoS prevention systems elsewhere: if the notebook is used for 
a denial of service attack, it is William's responsibility.

Thus, I vote for a heavily firewalled chroot:
 * do all the anti-spoof, packet scrubbing stuff

 * forbid any OUTGOING traffic
 * allow a WHITELIST of hosts:ports (like Sloane's database and such)
 * allow DNS out (I'm afraid we have to do that)

 * forbid any INCOMING traffic
 * allow SSH in
 * allow the SAGE notebook communication in

Another thing: If I shoot myself in the foot 30 times (that is the number of 
users), have I effectively vandalized the SAGE notebook? Ignore this if it doesn't 
make sense, I haven't actually tried to vandalize anything yet.

Martin

-- 
name: Martin Albrecht
_pgp: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8EF0DC99
_www: http://www.informatik.uni-bremen.de/~malb
_jab: [EMAIL PROTECTED]
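
The policy listed in the message above, written out as an added example that is not part of the original post or of SAGE: a shell function that emits an `iptables-restore` ruleset with default-deny in both directions and only the listed exceptions. The notebook port, resolver address and whitelist entries are constructed placeholders, DNS is narrowed to one resolver as an assumption, and the anti-spoof and scrubbing item is reduced to dropping packets in the INVALID state.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset: default-deny both ways, narrow exceptions.
# Every address and port below is a constructed placeholder, not a SAGE value.
NOTEBOOK_PORT=8000      # assumed notebook listen port
RESOLVER=192.0.2.53     # assumed DNS resolver (RFC 5737 test address)
# Outgoing whitelist, one numeric "host:port" per line.
WHITELIST="198.51.100.10:80
198.51.100.20:443"

emit_rules() {
    echo "*filter"
    # Default policy is DROP everywhere; this host does not forward.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Drop malformed state, then allow replies to flows permitted below.
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Incoming: SSH and the notebook, nothing else.
    echo "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A INPUT -p tcp --dport $NOTEBOOK_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # Outgoing: DNS to the one resolver only, since open DNS is a tunnel.
    echo "-A OUTPUT -p udp -d $RESOLVER --dport 53 -j ACCEPT"
    echo "-A OUTPUT -p tcp -d $RESOLVER --dport 53 -j ACCEPT"
    # Outgoing: whitelist. Numeric entries only, so the rule cannot change
    # meaning with whatever a hostname resolves to at load time.
    echo "$WHITELIST" | while IFS=: read -r host port; do
        case "$host" in ''|*[!0-9.]*) echo "skipped: $host:$port" >&2; continue ;; esac
        case "$port" in ''|*[!0-9]*) echo "skipped: $host:$port" >&2; continue ;; esac
        echo "-A OUTPUT -p tcp -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log (rate-limited) whatever the OUTPUT policy is about to drop.
    echo "-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix \"notebook-out-deny: \""
    echo "COMMIT"
}

# Print the ruleset only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--print" ]; then emit_rules; fi
```

Piping the output into `iptables-restore --test` parses the ruleset without loading it.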

