lilypond-user

Re: lilypond via web interface: security considerations


From: Joseph Haig
Subject: Re: lilypond via web interface: security considerations
Date: Mon, 18 May 2009 14:41:32 +0100

2009/5/18 Alex <address@hidden>:
> I'm wanting to run lilypond behind a web interface as a free tool that
> anyone can use. The proof-of-concept seems to work fine. Now I'm
> thinking of security considerations. In particular, what input to
> lilypond is possible that could have nuisance or destructive effect?
>

Is it possible to get Lilypond to include a text file?  Something like:

  \markup { \include "/etc/passwd" }

This doesn't actually work (it just writes out "/etc/passwd"), but if
you find a way of doing this, this would be a potential security
issue.  Also, consider what might happen if someone uploads a file
called:

  "test.ly; rm /var/www/"

These examples are specific to Linux/UNIX, but there will be
equivalents for any OS.

Regards,

Joe
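
Added example, not part of the original message or of LilyPond itself: one way a web front end can keep an uploaded filename such as the one above from ever reaching a shell. It assumes a `lilypond` binary on `PATH`; the function names and `HOSTILE_NAME` are hypothetical, and it does not address the separate question of what the LilyPond source itself may read or include.

```python
import secrets
import subprocess
import tempfile
from pathlib import Path

# The filename from the message above, used here only as test data.
HOSTILE_NAME = "test.ly; rm /var/www/"


def shell_string(client_filename: str) -> str:
    """The pattern to avoid: a command line built by string concatenation.
    Passed to a shell, everything after ';' would run as a second command."""
    return "lilypond " + client_filename


def store_upload(workdir: Path, data: bytes) -> Path:
    """Save the uploaded source under a server-generated name.
    The client-supplied filename is never used as a path component."""
    path = workdir.resolve() / f"{secrets.token_hex(16)}.ly"
    with open(path, "xb") as fh:  # 'x' refuses to overwrite an existing file
        fh.write(data)
    return path


def lilypond_argv(source: Path) -> list[str]:
    """Build the command as an argument list, so no shell parses it."""
    out_prefix = source.with_suffix("")  # LilyPond appends the extension
    return ["lilypond", f"--output={out_prefix}", str(source)]


def render(source: Path, timeout_s: int = 30) -> subprocess.CompletedProcess:
    """Run LilyPond without a shell, with a timeout as a basic nuisance limit."""
    return subprocess.run(
        lilypond_argv(source),
        shell=False,
        cwd=source.parent,
        timeout=timeout_s,
        capture_output=True,
        check=False,
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        src = store_upload(Path(d), b"{ c' d' e' }")  # constructed sample input
        print("unsafe:", shell_string(HOSTILE_NAME))
        print("safe:  ", lilypond_argv(src))
```

The client's filename can still be kept as metadata for display, but only the server-generated path is written to disk or passed to `render`.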



