|
From: | Alex |
Subject: | Re: lilypond via web interface: security considerations |
Date: | Mon, 18 May 2009 15:12:16 +0100 |
User-agent: | Thunderbird 2.0.0.21 (Windows/20090302) |
Graham Percival wrote:
#(system 'rm -rf /') or something like that. Search the mailist archives on this list and the -devel list for a discussion. In summary: 1) somebody could wipe out anything that the web interface software can touch. 3) somebody could read anything that the web interface software can read. 2) somebody could use up as many resources as you're willing to give the web interface. We know how to solve these issues, but nobody has offered to work on them, so they remain unsolved.
Clearly I'll have to be very careful about what is permitted!When you say that you know how to solve these issues - can you elaborate please? Do you mean in terms of the changes required to lilypond to enable a "locked down" mode, or something else?
lex
[Prev in Thread] | Current Thread | [Next in Thread] |