Merge branch 'latest' into develop

OSC · Jul 17, 2024 · 7a03906 · 7a03906
2 parents 9de4ef5 + ab1b45e
commit 7a03906
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/source/customizations.rst b/source/customizations.rst
@@ -395,6 +395,8 @@ Note that this will limit the download size for all users of the Open OnDemand i
 
    Values like ``1000M`` or ``20G`` will not be accepted and may cause errors.
 
+.. _set-file-allowlist:
+
 Block or Allow Directory Access
 -------------------------------
 

diff --git a/source/security.rst b/source/security.rst
@@ -23,10 +23,19 @@ Limitations
 
 - **HTTP Traffic to Origin Servers**: Traffic to backend services, including computational resources like Jupyter servers, is currently over HTTP, which is unencrypted. Plans are underway to upgrade this to HTTPS to ensure encryption of data in transit, thereby bolstering security.
 
-Security Controls
------------------
+Controls
+^^^^^^^^
 
-- **Monitoring and Logging**: Comprehensive logging mechanisms are integral for security audits and incident response. Detailed guidelines and settings for these features can be found at :ref:`logging`.
+These are things the the out of the box OnDemand installation will provide
+that some centers may want to change or disable altogether.
+
+- **File Access**: OnDemand lets users navigate the file system. While file permissions
+  limit what a user can view and navigate to, some centers may want to limit this even further.
+  One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.
+
+
+Additional Information
+----------------------
 
 - **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.