app/notes/20210601-0013.md
Removing Token Authentication From Jupyter/iPython Notebooks
remove-token-jupyter
1622506400
Jupyter (formerly iPython) notebooks by default require an authentication token
to access. This is because the notebooks allow users to run arbitrary code so
the token prevents access by non-authorized users. However, with a properly
secured environment (running within a local network or not binding to a public
network interface), there's little need to set an authentication token. While
the Jupyter documentation recommends using a password instead, it still doesn't
get around the fact that the default notebook configuration uses unencrypted http
connections which allow any party to intercept or modify requests, making both
tokens and passwords trivial to bypass. Therefore, to fully get rid of
authentication on a Jupyter notebook:
1. Make sure your notebook is not accessible to the wider internet.
2. Run `jupyter notebook --generate-config`
3. Uncomment the line `c.NotebookApp.token = ''` and make sure the value is set to an empty string
4. Restart your notebook server