Re: Re: Security considerations in Mathematica&J/Link
- To: mathgroup at smc.vnet.net
- Subject: [mg25164] Re: [mg25131] Re: Security considerations in Mathematica&J/Link
- From: "Tom Compton" <comptont at concentric.net>
- Date: Tue, 12 Sep 2000 02:58:50 -0400 (EDT)
- Organization: Concentric Internet Services
- References: <8phceh$gag@smc.vnet.net>
- Sender: owner-wri-mathgroup at wolfram.com
There are several things one can do: 1. One can filter the cgi input from the browser so as to eliminate many of the commands that could cause harm. One can do this with Mathematica or with a script. 2. One can eliminate functions from Mathematica that could cause problems. 3. One can keep Mathematica from writing any files 4. One can run Mathematica in a chroot structure with no other programs available. 5. One can limit the amount of disk space that can be written on the server. 6. One can limit the time that a process has for execution. The above won't stop all possibilities, but can be workable. Tom Compton www.HostSRV.com Murphy <werner.schuster at netway.at> wrote in message news:8phceh$gag at smc.vnet.net... > At 03:14 10.09.00 -0400, you wrote: > >Surely someone has thought a little about it; otherwise > >you could try breaking into WRI's integrator program. For example, > > > >Integrate [ ShellCommand["rm *"], x] > > > > > >In a "purely functional" subset of Mathematica you could do > >no input or output, you could not assign any values. Then if > >you limit the amount of time and space consumed you are on the > >right track. I suggest you remove ALL functionality not needed > >by clearing function definitions of irrelevant commands. > > > >But you seem to be interested in making a browser out of > >Mathematica... why care if he wrecks his own machine? > >RJF > > it's the other way around, I try to turn the Browser into a Mathematica > FrontEnd; > so you can access notebooks over the web (Internet/Intranet); > this could eg. be used for Training; instead of setting up mathematica on every > single computer in a classroom, you put it on one computer (the server) and > the students > can access the prepared notebooks using their browser and work with them > just like > with the real FrontEnd; > > or say you wrote some mathematica package that you want to sell; you could put > this notebook on your webserver (+ the software that connects mathematica > to the web) > and allow users to test your package (like a demoversion); > > > but that are just possible ideas, at the moment its not more than a little > non-serious experiment > (just to make sure I wont have 50 laywers standing at my door tomorrow > trying to sue > me for license abuse ;-) ) > > murphee > >