Azure Notebooks security and presentation traps

%3CLINGO-SUB%20id%3D%22lingo-sub-137638%22%20slang%3D%22en-US%22%3EAzure%20Notebooks%20security%20and%20presentation%20traps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-137638%22%20slang%3D%22en-US%22%3E%3CP%3ESome%20time%20ago%20I%20found%20Azure%20Notebooks%20service%20based%20on%20Jupyter%20Notebooks.%20Cool%20and%20simple%20stuff%20to%20present%20your%20content%20with%20Markdown%20syntax.%20Even%20cooler%20when%20you%20can%20run%20code%20in%20it.%20In%20Azure%20Notebooks%20you%20can%20query%20Azure%20SQL%20database.%20Imagine%20possibilities%20of%20documenting%20db%20in%20a%20simple%20and%20clean%20way.%20This%20is%20where%20%22challenges%22%20came%20up%3A%3C%2FP%3E%0A%3CP%3E1.%20I%20don't%20want%20to%20hit%20the%20content%20consumer%20with%20too%20much%20code%20so%20I%20want%20to%20hide%20the%20code%20but%20present%20the%20output.%20There%20are%20many%20ways%20of%20doing%20that%20but%20every%20method%20I%20applied%20ended%20up%20with%20code%20being%20visible%20because%20of%3A%26nbsp%3B%3CSPAN%3E%3CINLINE%20script%3D%22%22%20removed%3D%22%22%20for%3D%22%22%20security%3D%22%22%20reasons%3D%22%22%3E.%20How%20to%20avoid%20this%20(only%20simple%20solution%20i%20is%20worthy)%3F%3C%2FINLINE%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E2.%20Anyone%20who%20has%20a%20link%20to%20the%20notebook%20can%20download%20a%20copy.%20It's%20downloaded%20as%20JSON%20and%20when%20you%20open%20it...%20Ups...%20All%20passwords%20and%20usernames%20are%20visible.%20I%20know%2C%20I%20know%20it's%20naive%20to%20think%20that%20it%20will%20be%20coded%20somehow.%20And%20again%3A%20is%20there%20a%20simple%20and%20easy%20way%20to%20hide%20credentials%20in%20the%20notebook%3F%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThis%20tool%20is%20powerful%20but%20for%20people%20not%20familiar%20with%20python%20or%20.js%20this%20two%20problems%20may%20stop%20them%20to%20use%20this%20tool.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-137638%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Some time ago I found Azure Notebooks service based on Jupyter Notebooks. Cool and simple stuff to present your content with Markdown syntax. Even cooler when you can run code in it. In Azure Notebooks you can query Azure SQL database. Imagine possibilities of documenting db in a simple and clean way. This is where "challenges" came up:

1. I don't want to hit the content consumer with too much code so I want to hide the code but present the output. There are many ways of doing that but every method I applied ended up with code being visible because of: <inline script removed for security reasons>. How to avoid this (only simple solution i is worthy)?

2. Anyone who has a link to the notebook can download a copy. It's downloaded as JSON and when you open it... Ups... All passwords and usernames are visible. I know, I know it's naive to think that it will be coded somehow. And again: is there a simple and easy way to hide credentials in the notebook?

This tool is powerful but for people not familiar with python or .js this two problems may stop them to use this tool.

0 Replies