axiom-developer
[Axiom-developer] FW: [Axiom-mail] Axiom on the Web


From: Bill Page
Subject: [Axiom-developer] FW: [Axiom-mail] Axiom on the Web
Date: Thu, 15 Jul 2004 11:02:56 -0400


-----Original Message-----
From: Bill Page [mailto:address@hidden]
Sent: Thursday, July 15, 2004 10:46 AM
To: 'Mike Dewar'
Subject: RE: [Axiom-mail] Axiom on the Web


Mike,

Thank you very much for this observation. I am trying to plug such security
holes and have just added )lisp, )fin and )spool to the list of disabled
commands. If you try your test again you should see that it fails with a
reasonable error message.

It is a pity that we have to lock out lisp access. I wonder if anyone has
done any work on a "secure mode" for lisp?

About performance. This system collects all the Axiom commands embedded in a
web page and internally prepares a script that is run by Axiom as a batch.
The output is parsed and re-inserted back into the code for the web page.
This happens only once when the user clicks Save.

The LaTeX rendering done by the LatexWiki component which calls the
combination of latex+dvips+ghostscript is likewise done only once. Moreover
the images that it creates for inclusion in the final web page are cached
based on the LaTeX code that created them. These are kept in an "image
repository" so latex et al are never called more than once for each such
construct.

Regards,
Bill Page.

> -----Original Message-----
> From: Mike Dewar [mailto:address@hidden]
> Sent: Thursday, July 15, 2004 5:36 AM
> To: Bill Page
> Cc: Mike Dewar
> Subject: Re: [Axiom-mail] Axiom on the Web
> 
> 
> Hi Bill,
> 
> This is very nice, and not as slow as I expected it would be.
> 
> There is a problem with this kind of set-up in that an
> unscrupulous user can get access to your machine via Axiom's 
> underlying Lisp system. Unfortunately it's impossible to make 
> the Lisp system completely secure without disabling file I/O 
> which of course stops you opening libraries, databases etc.  
> However you might want to disable ")lisp" in the interpreter 
> and the lisp system command, both of which seem to be working 
> at present, i.e. stop people doing
>   )lisp (system "cat /etc/passwd")
> :-)
> 
> Cheers, Mike.
> 
> On Thu, Jul 15, 2004 at 02:31:41AM -0400, Bill Page wrote:
> > Dear Axiom Users:
> > 
> > Now you can try Axiom online with only a web browser!
> > 
> >   http://page.axiom-developer.org
> > 
> > Use the "wiki" feature to insert Axiom commands into a web page.  When
> > you click Save you will see the output generated by Axiom displayed as
> > nicely formatted mathematics.
> > 
> ...
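
Added example, not part of the original messages or of the Axiom wiki's own code: a Python pre-filter that applies the disabled-command list named above ()lisp, )fin, )spool) to the commands collected from a page before they are batched for Axiom. It assumes, conservatively, that the interpreter may accept shortened or differently cased command names, so any prefix of a disabled name is rejected; the function names and sample input are constructed.

```python
import re

# The three command names the message says were disabled.
DISABLED = ("lisp", "fin", "spool")

# A system command is a line whose first non-blank character is ")".
# Only the leading alphabetic run is taken as the name, so ")lisp(system ...)"
# with no separating space still yields "lisp".
_SYSCMD = re.compile(r"^\s*\)\s*([A-Za-z]*)")


def system_command_name(line):
    """Return the lower-cased system command name, or None for ordinary input."""
    m = _SYSCMD.match(line)
    return m.group(1).lower() if m else None


def is_disabled(name):
    """True if name equals or is a prefix of a disabled command.

    Assumption: abbreviated names may be accepted by the interpreter, so
    prefixes are rejected too. A bare ")" (empty name) is rejected as well.
    """
    return any(d.startswith(name) for d in DISABLED)


def check_batch(lines):
    """Return (line_number, message) for each rejected line; empty means OK."""
    errors = []
    for number, line in enumerate(lines, start=1):
        name = system_command_name(line)
        if name is not None and is_disabled(name):
            errors.append((number, "system command ')%s' is disabled" % name))
    return errors


# Constructed sample input; line 2 is the test quoted in the thread.
SAMPLE = [
    "integrate(sin(x), x)",
    ')lisp (system "cat /etc/passwd")',
    ")set output tex on",
    "  )FIN",
    ")sp out.txt",
]

if __name__ == "__main__":
    for number, message in check_batch(SAMPLE):
        print("line %d: %s" % (number, message))
```

A deny-list like this only covers the names it knows; it does not address other routes to the underlying Lisp system, which is the limitation raised in the quoted message.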
