Re: lilypond via web interface: security considerations

[Alex]

Graham Percival wrote:
> On Thu, May 21, 2009 at 02:47:54PM -0400, Mike Blackstock wrote:
>   
> > Of course, 'security' is relative - nothing will stop a commited
> > hacker who's targeted your system, so I'm a bit mystified by
> > some of the other responses here.
> >     
>
> That's not true -- The only reason that computer security is a
> joke is that people *treat* it like a joke.  It's entirely
> possible to create a system that will foil a committed hacker.
>   
100% bullet proof security is a myth though. The complexity of computer 
systems and software is just too high. Total security is a goal you can 
approach sympotically, with more effort.... (Look at military systems. 
As interested in security as anyone would or could be, and they resort 
to 'unplug it' tactics like airgaps.)
A well looked after system could repel most or all attacks directed at 
it. But never say never.


> Now, does this involve a lot of work?  Certainly.  And consumers
> willing to pay to have this work done?  Definitely not!  But that
> doesn't mean that computer programs are some magical black box
> that anybody can break.  Barring random bit-flipping from solar
> rays, computers are deterministic objects.
>   
The people who operate them are often not so deterministic and don't 
always behave in the "optimum" way though.
> By "a lot of work", suppose that all programmers (and academics)
> stopped implementing new features and new programs in 1994, and
> spent the past 15 years just improving security.  How many holes
> do you think would be left in the result?
Not as many, but I wouldn't say zero!
lex