lilypond-user
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: weblily: security risk

From: Han-Wen Nienhuys
Subject: Re: weblily: security risk
Date: Wed, 10 Mar 2010 21:29:59 -0300 
this is what weblily wrote to me a couple of weeks ago.

**
Hi Han-Wen,

I've continued to work on weblily.net. Now it looks to me almost like
something useful. Of cource, I've taken your advice and now LilyPond
is running in a jail.

Quite cool: I modified the notation reference: When you click on one
of the examples, it will be opened in weblily.net's editor.

Cheers,

Weblily
**

On Wed, Mar 10, 2010 at 5:21 PM, Graham Percival
<address@hidden> wrote:
> Mr. Weblily,
>
> I like your enthusiasm with your weblily project, but for Mao's
> sake please learn something about computer security.  The current
> website is completely insecure.
>
> This is not a theoretical concern.  It would take me approximately
> two minutes to delete everything in your /home/lily/ directory --
> not just material in /home/lily/scores/.
>
>
> I wouldn't do this, of course -- but if a non-expert like me could
> do this so quickly, I'm certain that an experienced and malicious
> hacker could do far worse.  Such as taking over your machine and
> using it to attack other websites, distributing child porn, or
> whatever.
>
> If you want to continue to run your project without any regard for
> security, that's your business, but I want it understood that
> YOU HAVE COMPLETELY DISREGARDED ALL COMMON SENSE AND HAVE NOT READ
> THE MATERIAL ABOUT SECURITY IN OUR DOCUMENTATION.  YOU RUN
> LILYPOND IN THIS FASHION COMPLETELY AT YOUR OWN RISK, AND IF THE
> GERMAN EQUIVALENT OF THE FBI COMES KNOCKING ON YOUR DOOR ASKING
> WHY YOU ARE DISTRIBUTING RIPS OF HOLLYWOOD MOVIES OR PIRATED
> COMMERCIAL SOFTWARE, YOU CANNOT BLAME LILYPOND.
>
> The internet is not a playground.  If you're going to hand
> complete control over your server to other people, you might not
> like the consequences.
>
> - Graham Percival
>
>
> _______________________________________________
> lilypond-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/lilypond-devel
>



-- 
Han-Wen Nienhuys - address@hidden - http://www.xs4all.nl/~hanwen
reply via email to
[Prev in Thread] Current Thread [Next in Thread]