#(system 'rm -rf /') or something like that. Search the mailist archives on this list and the -devel list for a discussion. In summary: 1) somebody could wipe out anything that the web interface software can touch. 3) somebody could read anything that the web interface software can read. 2) somebody could use up as many resources as you're willing to give the web interface.
We know how to solve these issues, but nobody has offered to work on them, so they remain unsolved. Cheers, - Graham On Mon, May 18, 2009 at 02:17:00PM +0100, Alex wrote: > I'm wanting to run lilypond behind a web interface as a free tool that > anyone can use. The proof-of-concept seems to work fine. Now I'm > thinking of security considerations. In particular, what input to > lilypond is possible that could have nuisance or destructive effect? > > lex > > > > > _______________________________________________ > lilypond-user mailing list > lilypond-user@gnu.org > http://lists.gnu.org/mailman/listinfo/lilypond-user _______________________________________________ lilypond-user mailing list lilypond-user@gnu.org http://lists.gnu.org/mailman/listinfo/lilypond-user
