Merge pull request #359 from manics/readme-warn-net

README: warn about unlimited local network access
jupyterhub · Dec 15, 2022 · ade470c · ade470c
2 parents 72e7dcb + ac76d02
commit ade470c
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -32,6 +32,24 @@ The primary use cases are:
 [The documentation](https://jupyter-server-proxy.readthedocs.io/)
 contains information on installation & usage.
 
+## Security warning
+
+Jupyter Server Proxy is often used to start a user defined process listening to
+some network port (e.g. http://localhost:4567) for a user starting a Jupyter Server
+that only that user has permission to access. The user can then access the
+started process proxied through the Jupyter Server.
+
+For safe use of Jupyter Server Proxy, you should ensure that the process started
+by Jupyter Server proxy can't be accessed directly by another user and bypass
+the Jupyter Server's authorization!
+
+A common strategy to enforce access proxied via Jupyter Server is to start
+Jupyter Server within a container and only allow network access to the Jupyter
+Server via the container.
+
+For more insights, see [Ryan Lovetts comment about
+it](https://github.com/jupyterhub/jupyter-server-proxy/pull/359#issuecomment-1350118197).
+
 ## Install
 
 ### Requirements