Security issues have been taken care of while designing IPython's architecture. The capability-based client authentication model, along with the SSH-tunneled TCP/IP channels, manages the main potential security issues and allows users to utilize the IPython cluster in open networks.
There is no security provided by ZeroMQ. Hence, SSH tunnels are the main source for establishing a secure connection. The Client
object fetches information about the establishment of a connection to the controller from the ipcontroller-client.json
file, and then it creates tunnels using OpenSSH/Paramiko.
It also uses the concept of HMAC digests to sign messages using a shared key that protects the users of shared machines. There is a session object that handles the message protocol. This object verifies the validity of messages using a unique key. By default, this key is a 128-bit pseudo-random number, similar to the number generated by uuid.uuid4()
. Generally, during parallel computations...