Security of Jupyter notebooks
A notebook from a different core version, and especially a different user, will be tagged as "Untrusted" due to security concerns.
The best reference here is: http://jupyter-notebook.readthedocs.io/en/stable/security.html which contains detailed explanations of:
- Shared security
- Authentication SQLite database

When you have decided to trust a notebook, the quickest way is via

    jupyter trust /PATH/TO/notebook.ipynb

Also, within the Jupyter browser interface, one can perform the same operation under the menu item called "File".
A fecon235 notebook obtained through its GitHub repository is secure. Release tags are cryptographically signed, and can be verified through a third party such as GitHub. See https://git.io/fecon235
Under the hood
@takluyver, a core developer, provides some interesting details:
Notebooks can contain two kinds of code: Code in code cells. This you just have to look at before you run it and decide if what it's doing looks reasonable. It doesn't do anything until you explicitly run those cells, so it's not a worry when loading the notebook.
Markdown cells are sanitised even for trusted notebooks, so they're safe.
Trust is based on signing the notebook content. So if you've had an identical notebook at some point which was trusted, another copy of the file will also be trusted even if it's a fresh download.
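The content-based trust described above, and the reason a notebook from a different user shows as "Untrusted", as a simplified model added here (not Jupyter's own code and not part of the quoted comments). The TrustStore class, its keys and the sample notebook are constructed for illustration; the model assumes an HMAC-SHA256 digest of the notebook content, keyed with a per-user secret and recorded in an SQLite table.

```python
import hashlib
import hmac
import json
import sqlite3


class TrustStore:
    """Simplified model of per-user notebook trust (hypothetical, not Jupyter's code)."""

    def __init__(self, secret: bytes):
        self.secret = secret  # per-user key; another user holds a different one
        self.db = sqlite3.connect(":memory:")  # stands in for the signature database
        self.db.execute("CREATE TABLE signatures (digest TEXT PRIMARY KEY)")

    def digest(self, notebook: dict) -> str:
        # Canonical serialisation: the digest depends on content only,
        # not on file name, path, or download time.
        payload = json.dumps(notebook, sort_keys=True, separators=(",", ":"))
        return hmac.new(self.secret, payload.encode("utf-8"), hashlib.sha256).hexdigest()

    def trust(self, notebook: dict) -> None:
        self.db.execute("INSERT OR IGNORE INTO signatures VALUES (?)", (self.digest(notebook),))

    def is_trusted(self, notebook: dict) -> bool:
        query = "SELECT 1 FROM signatures WHERE digest = ?"
        return self.db.execute(query, (self.digest(notebook),)).fetchone() is not None


def demo() -> dict:
    # Constructed sample notebook content.
    nb = {"cells": [{"cell_type": "code", "source": "print('hello')", "outputs": []}], "nbformat": 4}
    alice = TrustStore(secret=b"constructed-key-alice")
    bob = TrustStore(secret=b"constructed-key-bob")
    alice.trust(nb)

    fresh_copy = json.loads(json.dumps(nb))  # identical content, e.g. a fresh download
    tampered = json.loads(json.dumps(nb))
    tampered["cells"][0]["outputs"] = [{"data": {"text/html": "<b>changed</b>"}}]

    return {
        "fresh_copy_same_user": alice.is_trusted(fresh_copy),
        "tampered_same_user": alice.is_trusted(tampered),
        "same_content_other_user": bob.is_trusted(nb),
    }


if __name__ == "__main__":
    for case, trusted in demo().items():
        print(f"{case}: {'trusted' if trusted else 'untrusted'}")
```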
Reporting security bugs
First, see if there is a similar open issue at https://github.com/jupyter/help/issues; then, if necessary, create a new issue for a friendly response.
For extremely serious bugs, contact firstname.lastname@example.org
Latest revision at https://git.io/trustnb | This document date : 2018-06-21