This is an automated email from the ASF dual-hosted git repository.
jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin-site.git
The following commit(s) were added to refs/heads/master by this push:
new e9e115c74 Add a caution for executable verification
e9e115c74 is described below
commit e9e115c74c1ab828514eb9ecc0138711c301a6e9
Author: Jongyoul Lee <[email protected]>
AuthorDate: Sun Feb 25 00:15:59 2024 +0900
Add a caution for executable verification
---
security.md | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/security.md b/security.md
index b99cdf612..fc7482c8f 100644
--- a/security.md
+++ b/security.md
@@ -82,6 +82,14 @@ trusted users access to Zeppelin. Specifically, unless
Docker or K8s
isolation has been configured as mentioned above, users technically
have access to all notes by other users.
+## Executable verification
+
+When running Zeppelin service, be mindful that it utilizes executables
+which might be pre-installed on your server or container. These
+executables could potentially be altered for malicious purposes.
+To mitigate this risk, it's recommended to set the paths to trusted
+locations for these executables, such as PYTHON and SPARK_HOME.
+
# Reporting security issues
If you have found a potential security issue in Zeppelin,
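Review bot: The last sentence of the new "Executable verification" section ("set the paths to trusted locations for these executables, such as PYTHON and SPARK_HOME") is ambiguous and not actionable as written. PYTHON and SPARK_HOME read as examples of executables, but they look like setting names, and SPARK_HOME denotes a directory rather than an executable. Suggest rewording so it is clear these are settings that point at executables, and stating where an operator sets them (which configuration file or interpreter property). The heading also promises verification, while the text only recommends choosing trusted paths. Either rename the section or add a sentence on how to confirm the binaries are the expected ones, for example that the configured locations are not writable by the account running notes.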