Mito's Security Model

As users share notebooks with Mito inside of them, it is important that Mito does not expose users to malicious code, or publicly reveal code that should be private. This page describes Mito's security model, which ensures users remain safe when working with other users' notebooks. Our security model is a fairly obvious adaptation of the Jupyter Notebook security model, which you can read here.

The Problem

Imagine Alice creates a notebook in which she uses Mito to read in a CSV file and add a column with a formula. Alice then sends this notebook to Bob.
Bob wants to be able to confidently run the code that creates the Mitosheet that Alice used, without having to worry that the formula Alice wrote somehow manipulates his computer in a way he doesn't expect.
Much like the standard Jupyter security model, the security problem we need to solve is that no code should execute just because a user has recreated a mitosheet that they did not create initially.

The Solution

If Bob runs a mitosheet.sheet call that replays an analysis that was created by Alice, he will be prompted to trust this analysis before any code from this analysis runs. This ensures that he manually opts into running code that was created by Alice.
Within the notebook where it is used, Mito stores a signature from the last editor of the analysis along with the analysis data itself. Thus, when Bob goes to replay Alice's mitosheet.sheet call, Mito can detect that Bob was not the last person to edit this analysis, and prompt him to manually trust this analysis before rerunning it.
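
The check described above can be sketched as follows. This is an added example, not Mito's own code: it assumes the signature is an HMAC-SHA256 over the serialized analysis, keyed with a secret that never leaves the editor's machine (the approach Jupyter takes for notebook trust). The field name, step format and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

SIG_FIELD = "editor_signature"  # hypothetical field name, not Mito's storage format


def canonical_bytes(analysis: dict) -> bytes:
    """Serialize the analysis deterministically, excluding the signature itself."""
    body = {k: v for k, v in analysis.items() if k != SIG_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_analysis(analysis: dict, user_key: bytes) -> dict:
    """Return a copy of the analysis signed with the editor's local secret key."""
    signed = {k: v for k, v in analysis.items() if k != SIG_FIELD}
    mac = hmac.new(user_key, canonical_bytes(signed), hashlib.sha256)
    signed[SIG_FIELD] = mac.hexdigest()
    return signed


def is_last_editor(analysis: dict, user_key: bytes) -> bool:
    """True only if the stored signature was produced with this user's key."""
    stored = analysis.get(SIG_FIELD)
    if not isinstance(stored, str):
        return False  # unsigned or malformed: never trusted implicitly
    expected = hmac.new(user_key, canonical_bytes(analysis), hashlib.sha256).hexdigest()
    return hmac.compare_digest(stored.encode(), expected.encode())


def replay(analysis: dict, user_key: bytes, user_approves) -> str:
    """Gate replay: run without a prompt for the last editor, otherwise ask first."""
    if is_last_editor(analysis, user_key):
        return "replayed"
    if user_approves():  # stands in for the trust prompt shown to the user
        return "replayed-after-prompt"
    return "blocked"


# Constructed sample data: Alice's analysis and two per-user secrets.
ALICE_KEY, BOB_KEY = secrets.token_bytes(32), secrets.token_bytes(32)
ALICE_ANALYSIS = sign_analysis(
    {"steps": [{"type": "import_csv", "file": "data.csv"},
               {"type": "add_column", "formula": "=A + 1"}]},
    ALICE_KEY,
)
```

Because the key is a local secret, a signature copied along with the notebook proves nothing on Bob's machine, and any edit to the stored steps invalidates it even for Alice.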