Re: lilypond via web interface: security considerations

[Graham Percival]

#(system 'rm -rf /')
or something like that.

Search the mailist archives on this list and the -devel list for a
discussion.  In summary:
1) somebody could wipe out anything that the web interface
software can touch.
3) somebody could read anything that the web interface software
can read.
2) somebody could use up as many resources as you're willing to
give the web interface.

We know how to solve these issues, but nobody has offered to work
on them, so they remain unsolved.

Cheers,
- Graham

On Mon, May 18, 2009 at 02:17:00PM +0100, Alex wrote:
> I'm wanting to run lilypond behind a web interface as a free tool that
> anyone can use. The proof-of-concept seems to work fine. Now I'm
> thinking of security considerations. In particular, what input to
> lilypond is possible that could have nuisance or destructive effect?
>
> lex
>
>
>
>
> _______________________________________________
> lilypond-user mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/lilypond-user