MathGroup Archive 2000

[Date Index] [Thread Index] [Author Index]

Search the Archive

Re: Security considerations in Mathematica&J/Link

  • To: mathgroup at smc.vnet.net
  • Subject: [mg25130] Re: Security considerations in Mathematica&J/Link
  • From: Jeffrey S Austin <w8jsa at exis.net>
  • Date: Sun, 10 Sep 2000 03:14:49 -0400 (EDT)
  • References: <8p9l1l$1uu@smc.vnet.net>
  • Sender: owner-wri-mathgroup at wolfram.com

Murphy wrote:

> yo group (& especially Todd Gayley),
>
> I am trying to write something of a Mathematica FrontEnd for the Web using
> J/Link & Servlets;
>
> the problem is the security;
> by allowing the user to evaluate arbitrary expressions, I'm opening a HUGE
> backdoor in the website;
>
> there have been discussions in my company that the feature set should be
> reduced to simply allowing the
> user to enter the function in a plot expression & also checking for eg.
> Filesystem and equally dangerous
> functions;
>
> but you can restrict as much as you want, potential crackers will always
> find a way;
> whether its by placing a pure function somewhere  that somehow calls a
> dangerous function
> or by using a more indirect way like BufferOverflows or exploiting one of
> the numerous Mathematica bugs;
>
> my questions are:
> - does anyone have any experience with something like that?
>
> - to Todd Gayley: have you considered security for mathematica or J/Link?
>    since WRI is trying to place J/Link as a tool for web applications
> (according to the website),
>    that might be one of the things to do;
>    (of course I know that J/Link is only a Layer on top of mathematica & so
> can't really do much about
>     security by itself,  but since you're a Java programmer I thought you
> might have some ideas/thoughts in
>    this direction);
>
> thanx in advance,
> murphee
>
>

You can set up a single computer network that isn't physically tied to any other computer if you're concerned about security. BSD would be my suggestion for an O/S.

--
Jeffrey S Austin
Civil Engineering Student
Old Dominion University
http://users.exis.net/~w8jsa/ce_links.htm





  • Prev by Date: Evaluate a string
  • Next by Date: Re: Security considerations in Mathematica&J/Link
  • Previous by thread: Security considerations in Mathematica&J/Link
  • Next by thread: Re: Security considerations in Mathematica&J/Link