> > > Would you recommend putting this somewhere in the sagenb documentation? > I > > wasn't even aware of this .sage/notebook/ directory, since I'm not an > admin. > > Hmm... Where? Maybe > > http://www.sagemath.org/doc/reference/notebook/sagenb/notebook/notebook_object.html > > could have on "secure" something like > > "When `notebook()` is run for first time with `secure=True`, it will > generate new keys and store them to `.sage/notebook/`. Remove this when > you want to generate new keys, for example if older version of Sage has > generated too short keys." > > Somebody, please make a ticket for this. >
Can you navigate to https://github.com/sagemath/sagenb/blob/master/sagenb/notebook/notebook_object.py, click the little pencil icon to make a fork and edit it, and put it in a pull request? (No downloading required!) If you don't have a github acct. then of course that is fine, I just like you to get credit for this small change. > > * * * > > Whole documentation for sagenb is quite bad. For example it is very easy True. Partly this is because whenever big changes happened, they happened within very short time spans. (I'm not condoning that, just explaining.) > > to run it without server_pool-option. Then any user can use > system()-function to read other users data or even to change files so that > system will collect password. To see that try > > os.system("echo meow > /tmp/whatcatsays") > > and then again > > os.system("echo meow > "+SAGE_ROOT+"/whatcatsays") > > Last one should give a permission denied. > > Best practise here is, on my opinion, to have THREE account: sagegui for > running GUI, sagecalc to run computations and sagecomp for an admin to > compile Sage. > > Yes, although we try to be clear in any instructions about this elsewhere, e.g. http://wiki.sagemath.org/SageServer -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-support+unsubscr...@googlegroups.com. To post to this group, send email to sage-support@googlegroups.com. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
