[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lilypond via web interface: security considerations
From: |
Graham Percival |
Subject: |
Re: lilypond via web interface: security considerations |
Date: |
Wed, 20 May 2009 23:18:27 +0800 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Wed, May 20, 2009 at 10:42:28AM +0100, Alex wrote:
> An alternative for my own context could be to just offer a subset of
> lilypond functionality, and reject any output that goes beyond that.
This is what -dsafe does. However, this disallows many useful
tweaks, and also doesn't stop a particular snippet from using
massive CPU resources. To counteract a DOS attack, you'd need to
have a separate thread that kills the lilypond process if it takes
longer than X seconds.
We'd like to add this functionality to lilypond itself, but that
takes more coding, of course. And such patches would need to be
examined very carefully; a badly-implemented security feature is
worse than no security feature at all!
Cheers,
- Graham
- Re: lilypond via web interface: security considerations, (continued)
- Re: lilypond via web interface: security considerations, Joseph Haig, 2009/05/18
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/18
- Re: lilypond via web interface: security considerations, Alex, 2009/05/18
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/19
- Re: lilypond via web interface: security considerations, Daniel Hulme, 2009/05/20
- Re: lilypond via web interface: security considerations, Alex, 2009/05/20
- Re: lilypond via web interface: security considerations,
Graham Percival <=
- Re: lilypond via web interface: security considerations, Alex, 2009/05/21
- Re: lilypond via web interface: security considerations, Matthias Kilian, 2009/05/21
- Re: lilypond via web interface: security considerations, Alex, 2009/05/21
- Re: lilypond via web interface: security considerations, Han-Wen Nienhuys, 2009/05/21
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/21
- Re: lilypond via web interface: security considerations, Alex, 2009/05/20
- Re: lilypond via web interface: security considerations, Mike Blackstock, 2009/05/21
- Re: lilypond via web interface: security considerations, Graham Percival, 2009/05/22
- Re: lilypond via web interface: security considerations, Alex, 2009/05/22
- Re: lilypond via web interface: security considerations, Hans Aberg, 2009/05/22