For the default Python install, if a user starts a notebook via an ssh session (eg. jupyter-notebook --port=<port#> --ip=<LPAR’s ip>), it sends them a token via their terminal. If a user submits the same command using BPXBATCH however, this token is printed to the batch job’s output (STDERR). This would allow anyone who can read the job’s output on the JES queue to use the token to execute code as the user that submitted the batch job.
How have others stopped users from doing this?