MathGroup Archive 2005

[Date Index] [Thread Index] [Author Index]

Search the Archive

Re: Re: New Web Site for Mathematica Users using WikiMedia

  • To: mathgroup at smc.vnet.net
  • Subject: [mg54005] Re: [mg53993] Re: New Web Site for Mathematica Users using WikiMedia
  • From: Andrzej Kozlowski <akoz at mimuw.edu.pl>
  • Date: Mon, 7 Feb 2005 03:12:48 -0500 (EST)
  • References: <200502060545.AAA12252@smc.vnet.net>
  • Sender: owner-wri-mathgroup at wolfram.com

I don't think there is any way to run a notebook just on opening it 
without the user's consent. One can include initialisation cells but 
the user will be asked if he wants to evaluate them or not.

The ore likely risk is including hidden malicious concealed within 
useful code. A simple way to do it in a note book would be to use white 
colour for the font of the malicious code.  Below is an example. If you 
paste it into a notebook look at it and then evaluate you may be 
surprised by the output. Unfortunately using the MathReader (as I 
suggested earlier) is not the answer here.

Andrzej Kozlowski



Cell[BoxData[
     FormBox[
       RowBox[{
         StyleBox[
           RowBox[{"Plot", "[",
             RowBox[{
               RowBox[{"x", "^", "2"}], ",",
               RowBox[{"{",
                 RowBox[{"x", ",",
                   RowBox[{"-", "1"}], ",", "1"}], "}"}]}], "]"}],
           FontColor->GrayLevel[1]], ";",
         RowBox[{"1", "+", "1"}]}], TraditionalForm]], "Input",
   CellLabel->"In[1]:="]









On 6 Feb 2005, at 05:45, Bill Rowe wrote:

> On 2/5/05 at 3:15 AM, murray at math.umass.edu (Murray Eisenberg)
> wrote:
>
>> A Mathematica notebook is just a text file, after all.  So a good
>> precaution would be to open such a downloaded notebook in a text
>> editor, e.g., Notepad on Windows, before ever attempting to open
>> the notebook in Mathematica.
>
> I don't see this as very useful to address the possibility of a 
> malicious notebook. While notebooks can be easily opened with anything 
> that opens a text file, that will show all of the typesetting 
> directives as well as the Mathematica code. The result is something 
> quite difficult to read and understand. If the notebook were 
> reasonably complex, even an experienced user would be likely to miss 
> malicious code when viewing a notebook in a text editor.
>
> OTOH, I do not see the threat of malicious notebooks as significant.
>
> Persons who write malicious code to do damage are going to want to see 
> as much damage as possible done. The rather small number of 
> Mathematica users as compared to computer users in general would not 
> make targeting Mathematica users attractive to such a person.
>
> I also strongly believe the set of persons motivated to write 
> malicious code and motivated to learn and use Mathematica is a null 
> set.
>
> Finally, I don't see any way to have malicious code in a notebook 
> execute by simply opening the notebook with Mathematica. And it is 
> much easier to understand the function of a notebook opened in 
> Mathematica than when that notebook is opened in a text editor.
> --
> To reply via email subtract one hundred and four
>
>


  • Prev by Date: Re: Re: Contour Integration
  • Next by Date: Re: JLink
  • Previous by thread: Re: New Web Site for Mathematica Users using WikiMedia
  • Next by thread: Collect and manipulate subexpressions