-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add path_prefix_from_file option, adding security by obscurity. This … #5541
Conversation
…option is helpful on multi-user systems.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A simple but really helpful addition to make TensorBoard usable on a shared multi-user system without severe security concerns! Solves a long standing security issue.
@yoshipon: you correctly mentioned in #267 (comment) on a suggestion form @jdhayes that |
We believe the comment #267 (comment) is still governing on changes/features requests along these lines. |
you cannot easily start NGiNX on a multi-user HPC system - can you? And even if you can it does not solve the problem at akk as NGINX and Tensorboard are still running on multiuser system exposing Tensorboard at least locally |
We are facing a similar issue at our HPC center. This is already a good step forward to run TensorBoard on multi-user environment. Is it possible to use the approach of JupyterLab here by providing the path prefix as a token and user needs that token to access TensorBoard? |
Yes, I agree. HPC facilities cannot use NGINX, as the localhost is still exposed to all users on the node. Just a note, that if anyone was going to make it as a service, then NGINX would be a good option to add real authentication. The Jupyter hash/token is a good method for HPC facilities to obscure the URL such that users do not accidentally intrude. Malicious users are less of an issue, but even they would have difficulty finding the address if a hash/token was added. If reading from a file is not acceptable, could the |
Please have a look at #5570 |
I close this request for now. |
…option is helpful on multi-user systems.
authentication and authorization support #267 (comment)
We noticed open tensorboards on our shared systems
Technical description of changes
Screenshots of UI changes
Detailed steps to verify changes work correctly (as executed by you)
path_prefix_from_file is an alternativ to path_prefix, if both are given path_prefix will be used
Alternate designs / implementations considered
It would be nice to have a config-file implementation with all options for tensorboard, mybe using json or yaml format