You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/concept-secure-code-best-practice.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,12 +21,12 @@ In Azure Machine Learning, you can upload files and content from any source into
21
21
22
22
## Potential threats
23
23
24
-
Development with Azure Machine Learning often involves web-based development environments (Notebooks & Azure Machine Learning studio). When using web-based development environments, the potential threats are:
24
+
Development with Azure Machine Learning often involves web-based development environments (Notebooks & Azure Machine Learning studio). When you use web-based development environments, the potential threats are:
25
25
26
26
*[Cross site scripting (XSS)](https://owasp.org/www-community/attacks/xss/)
27
27
28
28
*__DOM injection__: This type of attack can modify the UI displayed in the browser. For example, by changing how the run button behaves in a Jupyter Notebook.
29
-
*__Access token/cookies__: XSS attacks can also access local storage and browser cookies. Your Azure Active Directory (AAD) authentication token is stored in local storage. An XSS attack could use this token to make API calls on your behalf, and then send the data to an external system or API.
29
+
*__Access token/cookies__: XSS attacks can also access local storage and browser cookies. Your Azure Active Directory (Azure AD) authentication token is stored in local storage. An XSS attack could use this token to make API calls on your behalf, and then send the data to an external system or API.
30
30
31
31
*[Cross site request forgery (CSRF)](https://owasp.org/www-community/attacks/csrf): This attack may replace the URL of an image or link with the URL of a malicious script or API. When the image is loaded, or link clicked, a call is made to the URL.
32
32
@@ -49,7 +49,7 @@ __Recommended actions__:
49
49
50
50
## Azure Machine Learning compute instance
51
51
52
-
Azure Machine Learning compute instance hosts __Jupyter__ and __Jupyter Lab__. When using either, cells in a notebook or code in can output HTML documents or fragments that contain malicious code. When the output is rendered, the code can be executed. The same threats also apply when using__RStudio__ and __Posit Workbench (formerly RStudio Workbench)__ hosted on a compute instance.
52
+
Azure Machine Learning compute instance hosts __Jupyter__ and __Jupyter Lab__. When you use either, cells in a notebook or code in can output HTML documents or fragments that contain malicious code. When the output is rendered, the code can be executed. The same threats also apply when you use__RStudio__ and __Posit Workbench (formerly RStudio Workbench)__ hosted on a compute instance.
0 commit comments