lilypond-user
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lilypond via web interface: security considerations

From: Alex
Subject: Re: lilypond via web interface: security considerations
Date: Mon, 18 May 2009 15:12:16 +0100
User-agent: Thunderbird 2.0.0.21 (Windows/20090302) 
Graham Percival wrote:

#(system 'rm -rf /')
or something like that.

Search the mailist archives on this list and the -devel list for a
discussion.  In summary:
1) somebody could wipe out anything that the web interface
software can touch.
3) somebody could read anything that the web interface software
can read.
2) somebody could use up as many resources as you're willing to
give the web interface.

We know how to solve these issues, but nobody has offered to work
on them, so they remain unsolved.

Clearly I'll have to be very careful about what is permitted!
When you say that you know how to solve these issues - can you elaborate please? Do you mean in terms of the changes required to lilypond to enable a "locked down" mode, or something else? 
lex
reply via email to
[Prev in Thread] Current Thread [Next in Thread]