lilypond-user

Re: lilypond via web interface: security considerations


From: Graham Percival
Subject: Re: lilypond via web interface: security considerations
Date: Wed, 20 May 2009 23:18:27 +0800
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, May 20, 2009 at 10:42:28AM +0100, Alex wrote:
> An alternative for my own context could be to just offer a subset of  
> lilypond functionality, and reject any output that goes beyond that.  

This is what -dsafe does.  However, this disallows many useful
tweaks, and also doesn't stop a particular snippet from using
massive CPU resources.  To counteract a DOS attack, you'd need to
have a separate thread that kills the lilypond process if it takes
longer than X seconds.

We'd like to add this functionality to lilypond itself, but that
takes more coding, of course.  And such patches would need to be
examined very carefully; a badly-implemented security feature is
worse than no security feature at all!

Cheers,
- Graham
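
The watchdog described in the message above, as an added example that is not part of the original post or of LilyPond itself. It waits on the child with a wall-clock timeout (instead of a separate thread), kills the whole process group, and also lowers the child's CPU-time rlimit. It assumes a POSIX host; `run_limited`, `LILYPOND_CMD` and the file name `snippet.ly` are hypothetical.

```python
import os
import signal
import subprocess
import sys
import resource  # POSIX only

# Assumed invocation for the web front end; the file name is a placeholder.
LILYPOND_CMD = ["lilypond", "-dsafe", "snippet.ly"]


def _cap_cpu(cpu_seconds):
    """Return a preexec_fn that lowers the child's soft CPU-time limit."""
    def apply():
        _, hard = resource.getrlimit(resource.RLIMIT_CPU)
        if hard != resource.RLIM_INFINITY:
            cap = min(cpu_seconds, hard)
        else:
            cap = cpu_seconds
        resource.setrlimit(resource.RLIMIT_CPU, (cap, hard))
    return apply


def run_limited(cmd, wall_seconds, cpu_seconds):
    """Run cmd; return (status, returncode), status in ok/failed/killed."""
    proc = subprocess.Popen(
        cmd,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        start_new_session=True,  # own process group: helpers die with it
        preexec_fn=_cap_cpu(cpu_seconds),
    )
    try:
        rc = proc.wait(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)  # the "X seconds" kill
        except ProcessLookupError:
            pass  # exited between the timeout and the kill
        return ("killed", proc.wait())
    if rc < 0:  # terminated by a signal, e.g. SIGXCPU from the rlimit
        return ("killed", rc)
    return ("ok" if rc == 0 else "failed", rc)


if __name__ == "__main__":
    # Constructed stand-in for a snippet that never finishes rendering.
    runaway = [sys.executable, "-c", "while True: pass"]
    print(run_limited(runaway, wall_seconds=2, cpu_seconds=30))
```

A web front end would call `run_limited(LILYPOND_CMD, ...)` per request and treat a `killed` status as a rejected snippet.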



