Re: Security considerations in Mathematica&J/Link
- To: mathgroup at smc.vnet.net
- Subject: [mg25130] Re: Security considerations in Mathematica&J/Link
- From: Jeffrey S Austin <w8jsa at exis.net>
- Date: Sun, 10 Sep 2000 03:14:49 -0400 (EDT)
- References: <8p9l1l$1uu@smc.vnet.net>
- Sender: owner-wri-mathgroup at wolfram.com
Murphy wrote: > yo group (& especially Todd Gayley), > > I am trying to write something of a Mathematica FrontEnd for the Web using > J/Link & Servlets; > > the problem is the security; > by allowing the user to evaluate arbitrary expressions, I'm opening a HUGE > backdoor in the website; > > there have been discussions in my company that the feature set should be > reduced to simply allowing the > user to enter the function in a plot expression & also checking for eg. > Filesystem and equally dangerous > functions; > > but you can restrict as much as you want, potential crackers will always > find a way; > whether its by placing a pure function somewhere that somehow calls a > dangerous function > or by using a more indirect way like BufferOverflows or exploiting one of > the numerous Mathematica bugs; > > my questions are: > - does anyone have any experience with something like that? > > - to Todd Gayley: have you considered security for mathematica or J/Link? > since WRI is trying to place J/Link as a tool for web applications > (according to the website), > that might be one of the things to do; > (of course I know that J/Link is only a Layer on top of mathematica & so > can't really do much about > security by itself, but since you're a Java programmer I thought you > might have some ideas/thoughts in > this direction); > > thanx in advance, > murphee > > You can set up a single computer network that isn't physically tied to any other computer if you're concerned about security. BSD would be my suggestion for an O/S. -- Jeffrey S Austin Civil Engineering Student Old Dominion University http://users.exis.net/~w8jsa/ce_links.htm