Not encouraging users to type credentials into mybinder.org
betatim opened this issue · 7 comments
Hi!
This looks like a nice set of notebooks about a cool topic! I am part of the team that maintains mybinder.org where we see quite a bit of activity for this tutorial.
We try very hard to educate our users that they should never ever type things that they wouldn't tweet to the world into a session on mybinder.org. While individual repositories and notebook creators aren't evil there will come the day when someone creates a notebook that steals credentials or uses some other exploit to do so. For the average user it will be hard to tell if this is an evil or a friendly notebook. That is why we try and get people to never put secrets into sessions.
One of your first notebooks asks for a Bluemix password/key :-/
Is it possible to change to using https://github.com/ProjectQ-Framework/ProjectQ or something like that instead? I think Project Q let's you simulate things on a classical CPU?? Maybe with a comment about how to switch to using bluemix if you are executing things locally.
Is this something that is possible? It would be greatly appreciated. I don't really know much about the whole quantum computing landscape beyond a course I took many years ago as a PhD student :)
Hi @betatim
Project q is just simulators and we have simulators as well that do not need a token to run them. The token is the only required to run on the real devices. So there is no need for project q.
This being said we need a token for run on the real device and we want the tutorials to explain how to run on a real device and give uses access to them. So we need think about what to do maybe we cant use mybinder to host the tutorials.
@diego-plan9 @ismaelfaro @ajavadia @atilag @ewinston and @nonhermitian lets think about options here.
We could host our own JupyterHub server, and have the users play with the tutorials there. We would then control the backside where the token is passed.
@betatim thanks for your input and recommendation (and on another note, kudos to you and your team on making mybinder.org available, it's very neat!). As jay mentioned, the token is needed for being able to execute circuits in the real devices, and it's pretty central to many tutorials (as the purpose of them is exactly that).
I fully understand your concerns about passing a sensitive value without an effective way for the user to ensure that the notebook belongs to a trustable source. However, would you have some recommendation on how to achieve that (other than resorting to hosting our own)? I suspect this is not the first time you have users that for one reason or another require the final user to input some credentials, and would love to explore the options and provisions you might have encountered. Thanks!
There is no good solution really :-(
Our official stance is "just don't do it" which is simultaneously good advice and impractical. One option others have used is to have extremely time limited tokens that are obtained from the notebook via an oauth dance. I can try and find back where I saw that.
When using the tutorials for a one time event, could we just tell paticpants to regenerate their keys immediately afterwards (or do so ourselves on the backend)?
I think that the only solution is since we already use tokens then this is not user personal information we are good. But what we should have a warning in the readme if you are going to use the binder that we should advise regenerating your token after use.
Would this solution satisfy all concerns?
Thanks for the work on this and the positive attitude to someone stopping by with a grumpy "you make it harder for us to educate our users" comment :)