sagemathinc / cocalc-docker

DEPRECATED (was -- Docker setup for running CoCalc as downloadable software on your own computer)

Home Page:https://cocalc.com


make it so the raw server uses an authentication key

williamstein opened this issue · comments

Projects have a "raw server" that serves files from the project on localhost. In cocalc-docker this makes it so any one user could read and write files to any other project by playing around with wget and curl on localhost. They would have to work to find the right port, but with some effort it could be done. This is an explicitly documented "local exploit" in our README.md.

The point of this issue is to fix this by making it so that the server has an authentication key that has to be used. Only the main hub process connects to the raw server (by proxying traffic), and it would know the auth key (which is the project's secret_token, which is long, random, and changed whenever the project starts). It would then include this auth key with HTTP requests that it proxies along.

There is one other security issue involving Jupyter Notebook and Jupyter Lab: #46, #47.

This should actually be solved by using unix domain sockets.