MathGroup Archive 2000

Re: Security considerations in Mathematica&J/Link

  • To: mathgroup at smc.vnet.net
  • Subject: [mg25102] Re: Security considerations in Mathematica&J/Link
  • From: Jens-Peer Kuska <kuska at informatik.uni-leipzig.de>
  • Date: Sun, 10 Sep 2000 03:14:27 -0400 (EDT)
  • Organization: Universitaet Leipzig
  • References: <8p9l1l$1uu@smc.vnet.net>
  • Sender: owner-wri-mathgroup at wolfram.com

Hi,

a) putting a Mathematica interface on the www will
   probably violate our license conditions

b) AFAIK Wolfram offers a special "secure kernel"
   for www scripting

c) you can Remove[DeleteFile] ... and all the things
   that are dangerous when the kernel starts

d) Mathematica has no bugs -- it is called "special feature"  

Regards
  Jens

Murphy wrote:
> 
> yo group (& especially Todd Gayley),
> 
> I am trying to write something of a Mathematica FrontEnd for the Web using
> J/Link & Servlets;
> 
> the problem is the security;
> by allowing the user to evaluate arbitrary expressions, I'm opening a HUGE
> backdoor in the website;
> 
> there have been discussions in my company that the feature set should be
> reduced to simply allowing the
> user to enter the function in a plot expression & also checking for eg.
> Filesystem and equally dangerous
> functions;
> 
> but you can restrict as much as you want, potential crackers will always
> find a way;
> whether it's by placing a pure function somewhere that somehow calls a
> dangerous function
> or by using a more indirect way like BufferOverflows or exploiting one of
> the numerous Mathematica bugs;
> 
> my questions are:
> - does anyone have any experience with something like that?
> 
> - to Todd Gayley: have you considered security for Mathematica or J/Link?
>    since WRI is trying to place J/Link as a tool for web applications
> (according to the website),
>    that might be one of the things to do;
>    (of course I know that J/Link is only a layer on top of Mathematica & so
> can't really do much about
>     security by itself,  but since you're a Java programmer I thought you
> might have some ideas/thoughts in
>    this direction);
> 
> thanx in advance,
> murphee
> 
>
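
The reduced feature set discussed in the thread (accept only the function inside a plot expression), sketched as a servlet-side allowlist check rather than a list of functions to remove. This is an added example, not code from the thread or from J/Link; the class name, the allowed symbol set and the length limit are assumptions.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical servlet-side filter: run it before any input reaches the kernel.
public class PlotInputFilter {
    // Assumed allowlist: the plot variable, two constants, a few numeric functions.
    private static final Set<String> ALLOWED = Set.of(
        "x", "Pi", "E", "Sin", "Cos", "Tan", "Exp", "Log", "Sqrt", "Abs");

    // One token: spaces, a decimal number, an identifier (group 1), or a single
    // arithmetic/bracket character. Anything else (quotes, backticks, #, &, @,
    // ;, =, _, a stray ., braces, backslashes, non-ASCII) matches nothing.
    private static final Pattern TOKEN = Pattern.compile(
        "[ ]+|\\d+(?:\\.\\d+)?|([A-Za-z][A-Za-z0-9]*)|[-+*/^()\\[\\],]");

    private static final int MAX_LENGTH = 200; // assumed limit

    public static boolean isAllowedPlotBody(String input) {
        if (input == null || input.isEmpty() || input.length() > MAX_LENGTH) {
            return false;
        }
        Matcher m = TOKEN.matcher(input);
        int pos = 0;
        while (pos < input.length()) {
            m.region(pos, input.length());
            if (!m.lookingAt()) return false;          // character outside the grammar
            String name = m.group(1);
            if (name != null && !ALLOWED.contains(name)) return false; // unknown symbol
            pos = m.end();
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "Sin[x]^2 + 0.5 Cos[3 x]",   // accepted
            "Exp[-x^2/2]",               // accepted
            "DeleteFile[x]",             // rejected: symbol not in the allowlist
            "Sin[#]&[x]",                // rejected: pure-function syntax
            "System`DeleteFile[x]"       // rejected: context-qualified name
        };
        for (String s : samples) {
            System.out.println((isAllowedPlotBody(s) ? "accept  " : "reject  ") + s);
        }
    }
}
```

The check only controls which symbols reach the kernel; evaluation time and memory need limits of their own.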

