External Communications
Cloudera Data Science Workbench uses HTTP and WebSockets (WS) to support interactive connections to the Cloudera Data Science Workbench web application. However, these connections are not secure by default.
For secure, encrypted communication, Cloudera Data Science Workbench can be configured to use a TLS termination proxy to handle incoming connection requests. The termination proxy server will decrypt incoming connection requests and forward them to the Cloudera Data Science Workbench web application.
The Cloudera Data Science Workbench documentation describes two
different approaches to TLS termination: internal and external TLS
termination. Both provide a secure TLS connection between users
and Cloudera Data Science Workbench. If you require more control over
the TLS protocol and cipher suite, we recommend external termination.
Both approaches require TLS certificates that list both, the Cloudera
Data Science Workbench domain, as well as a wildcard for all first-level
subdomains. For example, if the Cloudera Data Science Workbench domain
is cdsw.<your_domain>.com
, then the TLS certificate
must include both cdsw.<your_domain>.com
and
*.cdsw.<your_domain>.com
.
Browser Security
Cloudera Data Science Workbench also allows you to customize the HTTP headers accepted by Cloudera Data Science Workbench. The list of security headers enabled by default can be found in the documentation here: HTTP Headers. Disabling these features could leave your Cloudera Data Science Workbench deployment vulnerable to clickjacking, cross-site scripting (XSS), or any other injection attacks.