Python Interactive Window starts up Jupyter server listening on localhost, open to all #2777
Comments
|
Oops, closed accidentally |
|
This is not an issue because even though it opens that port, it won't accept traffic unless you provide the token. We don't expose the token anywhere, so our app is the only thing that can talk to that port. Here's what you get if you just type in http://localhost:8888 from a browser after we start it: |
|
I'm able to actually login and use the jupyter notebook that VS Code launches, and I've confirmed I don't have any other jupyter servers up. Potentially related to having cookies for this jupyter server when run in a different context. It's more concerning that the extension doesn't warn that a globally listening server is launched (eating a port, but that's less important). Further, there is an alternative that has none of these issues: use the unix domain sockets which NT supports too, or embed the ipython shell. |
|
Yes cookies will make it work on your local box. But if you try from somewhere else it won't be available (or if you clear your cookies). |
|
Note: Unix Domain Sockets likely requires support from Jupyter Server as they're the one opening the port. |
|
Jupyter issue about this already: |
|
Thanks for the feedback, @nimish. We're going to close because we believe this is a jupyter issue. |
Bug: Notebook Editor, Interactive Window, Python Editor cells
Steps to cause the bug to occur
Actual & Expected behavior
Actual: It's not a great idea to spin up a globally-listening server that can execute arbitrary code as a side effect of an IDE
Expected: the jupyter server is accessed using UNIX domain sockets/ whatever NT uses: jupyter/notebook#4835
Your Jupyter and/or Python environment
VS Code latest, mac OS 10.15
The text was updated successfully, but these errors were encountered: