Dashboard shows cluster of different user

[SofianeB]

What happened:

We are running a jupyterhub for HPC users. I noticed when opening jupyterlab that the Dask Dashboard is activated and shows a running cluster on port 8787even if I didn't start a cluster before. After checking who is using that port it is actually a different user.
How can that be possible? the should not be possible right (security perspective)?
What you expected to happen:

Anything else we need to know?:

Environment:

• Dask version: 2022.02.0
• Dask-Labextension version: 5.2.0
• Python version: 3.9
• Operating System: CentOS 8
• Install method (conda, pip, source): conda

Cluster Dump State:

[jacobtomlinson]

Thanks for opening this @SofianeB.

The Dask dashboard does not use any authentication, so if another user is already running a Dask scheduler on the same node that you are using they may be using port 8787 and you will be able to access it.

The lab extension will not allow you to access dashboards running on different nodes by default, but if two users are on the same machine we cannot restrict this.

We are tracking adding authentication in #190.