Skip to content

Commit

Permalink
Merge branch 'latest' into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
osc-bot committed Jul 17, 2024
2 parents 9de4ef5 + ab1b45e commit 7a03906
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
2 changes: 2 additions & 0 deletions source/customizations.rst
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,8 @@ Note that this will limit the download size for all users of the Open OnDemand i

Values like ``1000M`` or ``20G`` will not be accepted and may cause errors.

.. _set-file-allowlist:

Block or Allow Directory Access
-------------------------------

Expand Down
15 changes: 12 additions & 3 deletions source/security.rst
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,19 @@ Limitations

- **HTTP Traffic to Origin Servers**: Traffic to backend services, including computational resources like Jupyter servers, is currently over HTTP, which is unencrypted. Plans are underway to upgrade this to HTTPS to ensure encryption of data in transit, thereby bolstering security.

Security Controls
-----------------
Controls
^^^^^^^^

- **Monitoring and Logging**: Comprehensive logging mechanisms are integral for security audits and incident response. Detailed guidelines and settings for these features can be found at :ref:`logging`.
These are things the the out of the box OnDemand installation will provide
that some centers may want to change or disable altogether.

- **File Access**: OnDemand lets users navigate the file system. While file permissions
limit what a user can view and navigate to, some centers may want to limit this even further.
One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.


Additional Information
----------------------

- **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.

Expand Down

0 comments on commit 7a03906

Please sign in to comment.