From 87e2dc7b8ee14076f62ac84913e2029bdebabc5d Mon Sep 17 00:00:00 2001 From: Matthias Bussonnier Date: Mon, 27 Aug 2018 18:37:20 -0700 Subject: [PATCH] FAQ+Security advice --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index f7b2676..862929f 100644 --- a/README.md +++ b/README.md @@ -38,3 +38,18 @@ they can log in. Users can be created via the admin panel or by setting whitelist / admin list. Defaults to True. + +## FAQ ## + +#### Why have a password DB and not use PAM ? + +For security Reasons. Users are likely to set an, insecure password at +login time, and you do not want a brute-force/dictionary attack to manage to +login by attacking via ssh or another mean. + +## Security + +When using `FirstUseAuthenticator` it is advised to automatically prepend the +name of the user with a known-prefix (for example `jupyter`). This would prevent +for example, someone to log-in as `root`, as the created user would be +`jupyter-root`.
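Review bot: The new `## Security` paragraph advises prepending a known prefix to the user name but never says where that is configured, so a reader cannot act on it; name the setting or link to the documentation for whichever component creates the system user. It should also say that the prefix has to be applied to the name used for the system account, since the stated goal is that a login as `root` maps to `jupyter-root`. In the FAQ answer, the two halves are not connected: spell out that with PAM the password chosen at first login would be the system account password, which is the credential an ssh brute-force or dictionary attack targets, and that the separate password DB avoids this. Wording and style need a pass too: "For security Reasons", "set an, insecure password" and "another mean" are typos, `## FAQ ##` uses closing hashes while `## Security` does not, and the `####` question heading skips a level under `##`.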