MathGroup Archive 2000


Security considerations in Mathematica&J/Link

  • To: mathgroup at smc.vnet.net
  • Subject: [mg25088] Security considerations in Mathematica&J/Link
  • From: Murphy <werner.schuster at netway.at>
  • Date: Thu, 7 Sep 2000 22:28:48 -0400 (EDT)
  • Sender: owner-wri-mathgroup at wolfram.com

yo group (& especially Todd Gayley),

I am trying to write something of a Mathematica FrontEnd for the Web using J/Link & Servlets;

the problem is the security;
by allowing the user to evaluate arbitrary expressions, I'm opening a HUGE backdoor in the website;

there have been discussions in my company that the feature set should be reduced to simply allowing the user to enter the function in a plot expression & also checking for e.g. Filesystem and equally dangerous functions;

but you can restrict as much as you want, potential crackers will always find a way;
whether it's by placing a pure function somewhere that somehow calls a dangerous function or by using a more indirect way like BufferOverflows or exploiting one of the numerous Mathematica bugs;

my questions are:
- does anyone have any experience with something like that?

- to Todd Gayley: have you considered security for Mathematica or J/Link?
   since WRI is trying to place J/Link as a tool for web applications (according to the website), that might be one of the things to do;
   (of course I know that J/Link is only a Layer on top of Mathematica & so can't really do much about security by itself, but since you're a Java programmer I thought you might have some ideas/thoughts in this direction);

thanx in advance,
murphee
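
An added illustration of the "only allow the function in a plot expression" idea discussed in the message above (not code from the poster or from J/Link): a Java allowlist check a servlet could run before passing a string to the kernel. The grammar, the permitted symbol names and the length limit are assumptions; anything that is not explicitly allowed, including pure-function syntax and unlisted symbols, is rejected instead of being searched for on a list of dangerous names.

```java
import java.util.Set;
// Added example: allowlist validator for one plot expression in Mathematica syntax.
// The grammar, symbol sets and length limit below are assumptions chosen for illustration.
public class PlotExprValidator {
    private static final Set<String> FUNCS = Set.of("Sin", "Cos", "Tan", "Exp", "Log", "Sqrt", "Abs");
    private static final Set<String> ATOMS = Set.of("x", "Pi", "E");
    private static final int MAX_LEN = 200; // also bounds recursion depth
    private final String s;
    private int i = 0;
    private PlotExprValidator(String s) { this.s = s; }

    // True only if the whole input is arithmetic over numbers, allowed atoms and allowed functions.
    public static boolean isAllowed(String in) {
        // "--" is rejected up front: Mathematica lexes it as Decrement, not as two minus signs.
        if (in == null || in.isEmpty() || in.length() > MAX_LEN || in.contains("--")) return false;
        PlotExprValidator p = new PlotExprValidator(in);
        try { p.sum(); p.ws(); return p.i == in.length(); }
        catch (IllegalArgumentException e) { return false; }
    }

    private char at(int k) { return k < s.length() ? s.charAt(k) : 0; }
    private void ws() { while (at(i) == ' ') i++; }  // spaces only; tabs and newlines are rejected
    private boolean eat(char c) { ws(); if (at(i) == c) { i++; return true; } return false; }
    private void need(char c) { if (!eat(c)) throw new IllegalArgumentException("expected " + c); }
    private boolean digitAt(int k) { return at(k) >= '0' && at(k) <= '9'; }
    private boolean letterAt(int k) { char c = at(k); return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }

    private void sum()     { product(); while (eat('+') || eat('-')) product(); }
    private void product() { power(); while (eat('*') || eat('/')) power(); }  // explicit '*' required
    private void power()   { unary(); if (eat('^')) power(); }
    private void unary()   { if (eat('-')) unary(); else primary(); }

    private void primary() {
        if (eat('(')) { sum(); need(')'); return; }
        int start = i;                                   // eat() has already skipped spaces
        while (digitAt(i)) i++;
        if (i > start && at(i) == '.' && digitAt(i + 1)) { i++; while (digitAt(i)) i++; }
        if (i > start) return;                           // number: digits, optional .digits
        while (letterAt(i)) i++;                         // ASCII letters only, no $ ` \ or Unicode
        String name = s.substring(start, i);
        if (ATOMS.contains(name)) return;
        if (FUNCS.contains(name)) { need('['); sum(); need(']'); return; }
        throw new IllegalArgumentException("not allowed: " + name);
    }
    public static void main(String[] args) {
        // Constructed inputs: two plain formulas, an unlisted symbol, and pure-function syntax.
        String[] samples = { "Sin[x]^2 + 3*x", "Exp[-x/2]*Cos[2*Pi*x]", "Foo[x]", "(Sin[#]&)[x]" };
        for (String e : samples) System.out.println((isAllowed(e) ? "accept  " : "reject  ") + e);
    }
}
```

A string that passes contains only the allowed symbols, but this check does not bound how long the kernel takes to evaluate it, and it does nothing about bugs in the kernel itself.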

   


