[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: weblily: security risk
From: |
Han-Wen Nienhuys |
Subject: |
Re: weblily: security risk |
Date: |
Wed, 10 Mar 2010 21:29:59 -0300 |
this is what weblily wrote to me a couple of weeks ago.
**
Hi Han-Wen,
I've continued to work on weblily.net. Now it looks to me almost like
something useful. Of cource, I've taken your advice and now LilyPond
is running in a jail.
Quite cool: I modified the notation reference: When you click on one
of the examples, it will be opened in weblily.net's editor.
Cheers,
Weblily
**
On Wed, Mar 10, 2010 at 5:21 PM, Graham Percival
<address@hidden> wrote:
> Mr. Weblily,
>
> I like your enthusiasm with your weblily project, but for Mao's
> sake please learn something about computer security. The current
> website is completely insecure.
>
> This is not a theoretical concern. It would take me approximately
> two minutes to delete everything in your /home/lily/ directory --
> not just material in /home/lily/scores/.
>
>
> I wouldn't do this, of course -- but if a non-expert like me could
> do this so quickly, I'm certain that an experienced and malicious
> hacker could do far worse. Such as taking over your machine and
> using it to attack other websites, distributing child porn, or
> whatever.
>
> If you want to continue to run your project without any regard for
> security, that's your business, but I want it understood that
> YOU HAVE COMPLETELY DISREGARDED ALL COMMON SENSE AND HAVE NOT READ
> THE MATERIAL ABOUT SECURITY IN OUR DOCUMENTATION. YOU RUN
> LILYPOND IN THIS FASHION COMPLETELY AT YOUR OWN RISK, AND IF THE
> GERMAN EQUIVALENT OF THE FBI COMES KNOCKING ON YOUR DOOR ASKING
> WHY YOU ARE DISTRIBUTING RIPS OF HOLLYWOOD MOVIES OR PIRATED
> COMMERCIAL SOFTWARE, YOU CANNOT BLAME LILYPOND.
>
> The internet is not a playground. If you're going to hand
> complete control over your server to other people, you might not
> like the consequences.
>
> - Graham Percival
>
>
> _______________________________________________
> lilypond-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/lilypond-devel
>
--
Han-Wen Nienhuys - address@hidden - http://www.xs4all.nl/~hanwen