I do not see knitr and Sweave security discussed anywhere. The
Customization guide has 5 paragraphs on security regarding external
templates.

For example, someone could post a .lyx file asking for help that
contains malicious code. I don't always check the list of modules that
a document has and sometimes it might be hard to go through the entire
file looking at the chunks of code (which might not stand out since
they can be collapsed) before compiling. Using R's "system" command,
one can run arbitrary commands, downloading/uploading or deleting
information.

In the external template support, measures are taken to restrict the
access that the user has to the shell.

I do not see any options that Rscript can accept to provide more security.

Any thoughts as far as improving security, warning the user, or documentation?

Thanks,

Scott
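
A pre-open check for the scenario raised in this message, as an added example that is not part of the original post and is not LyX code: it reports whether the knitr or Sweave module is enabled in a .lyx file and flags lines that call R functions reaching the shell, network or filesystem. The name `scan_lyx`, the list of flagged calls and the sample document are assumptions constructed for illustration.

```python
import re

# Modules that make LyX pass document code to R at compile time.
CODE_MODULES = {"knitr", "sweave"}
# R calls that reach the shell, network or filesystem (illustrative, not exhaustive).
RISKY = re.compile(r"\b(system2?|shell|pipe|download\.file|unlink|file\.remove)\s*\(")

def scan_lyx(text):
    """Return (code modules enabled, [(line number, R call, line text), ...])."""
    modules, hits, in_modules = set(), [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s == r"\begin_modules":
            in_modules = True
        elif s == r"\end_modules":
            in_modules = False
        elif in_modules:
            if s.lower() in CODE_MODULES:
                modules.add(s.lower())
        else:
            # Chunks, ERT insets and \Sexpr all live in the body, so scan every line.
            hits += [(lineno, m.group(1), s) for m in RISKY.finditer(line)]
    return modules, hits

# Constructed, simplified .lyx content (not a file from the list).
SAMPLE = r"""#LyX 2.3 created this file.
\begin_document
\begin_header
\textclass article
\begin_modules
knitr
\end_modules
\end_header
\begin_body
\begin_layout Standard
\begin_inset Flex Chunk
status collapsed
\begin_layout Plain Layout
x <- system("echo hello", intern = TRUE)
\end_layout
\end_inset
\end_layout
\end_body
\end_document
"""

if __name__ == "__main__":
    print(scan_lyx(SAMPLE))
```

Line-based matching is a heuristic: LyX may wrap long lines and R can call functions indirectly (for example via `do.call`), so an empty result does not show that a file is safe to compile.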
