Security-related variables using hardcoded defaults #417

Closed
fmigneault opened this issue Jan 12, 2024 · 1 comment

@fmigneault
Member

fmigneault commented Jan 12, 2024

The fact that they're hardcoded at all is a problem though. Because even without the changes you've made here, we could still override MAGPIE_ADMIN_USERNAME and then the JUPYTERHUB_ADMIN_USERS would no longer match.

Why don't we make an issue for this and we'll fix it in a later PR

Originally posted by @mishaschwartz in #415 (comment)

export JUPYTERHUB_ADMIN_USERS="{'admin'}" # python set syntax

The above variable should use the expected reference to MAGPIE_ADMIN_USERNAME.
Other locations using similar configurations must be adjusted and validated.

@fmigneault fmigneault added enhancement New feature or request security Issues or features related to security concerns project/DACCS Related to DACCS project (https://github.com/orgs/DACCS-Climate) labels Jan 12, 2024
@mishaschwartz mishaschwartz self-assigned this Jan 15, 2024
@mishaschwartz
Collaborator

Note for later:

  • we should also raise a warning if the ALLOW_UNSECURE_HTTP variable is set to True (it should not be set to True in a production environment so we should warn the user)
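
A pre-start check covering both points raised in this issue (the hardcoded `JUPYTERHUB_ADMIN_USERS` and the `ALLOW_UNSECURE_HTTP` warning), as an added example that is not the project's own code. The function names are hypothetical and the sample values are constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample values are constructed.

# Build the python-set string for JupyterHub from a single admin user name.
derive_jupyterhub_admin_users() {
    printf "{'%s'}" "$1"
}

# Succeed if the python-set string $1 lists the user name $2 as a quoted item.
admin_set_contains() {
    case "$1" in
        *"'$2'"*|*"\"$2\""*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write one warning per problem to stderr; the return code is the warning count.
check_security_vars() {
    warnings=0
    if [ -z "${MAGPIE_ADMIN_USERNAME:-}" ]; then
        echo "WARNING: MAGPIE_ADMIN_USERNAME is not set" >&2
        warnings=$((warnings + 1))
    elif ! admin_set_contains "${JUPYTERHUB_ADMIN_USERS:-}" "$MAGPIE_ADMIN_USERNAME"; then
        echo "WARNING: JUPYTERHUB_ADMIN_USERS (${JUPYTERHUB_ADMIN_USERS:-unset})" \
             "does not include MAGPIE_ADMIN_USERNAME ($MAGPIE_ADMIN_USERNAME)" >&2
        warnings=$((warnings + 1))
    fi
    # Accepting other spellings of True is an assumption of this example.
    case "${ALLOW_UNSECURE_HTTP:-}" in
        True|true|TRUE)
            echo "WARNING: ALLOW_UNSECURE_HTTP is set; not for production use" >&2
            warnings=$((warnings + 1)) ;;
    esac
    return "$warnings"
}

# Constructed scenario: the Magpie admin was overridden, the hub default was not.
MAGPIE_ADMIN_USERNAME="magpie-root"
JUPYTERHUB_ADMIN_USERS="{'admin'}"
ALLOW_UNSECURE_HTTP="True"
check_security_vars || echo "$? warning(s) before the fix"

# Deriving the value instead of hardcoding it keeps the two in sync.
JUPYTERHUB_ADMIN_USERS="$(derive_jupyterhub_admin_users "$MAGPIE_ADMIN_USERNAME")"
ALLOW_UNSECURE_HTTP="False"
check_security_vars && echo "no warnings after the fix"
```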
