Hi On 1 March 2012 16:39, Jeroen Demeyer <jdeme...@cage.ugent.be> wrote:
> On 2012-03-01 13:35, Jason Grout wrote: > > Can you elaborate, Jeroen, just so that communication is clear by what > > you mean by "totally insecure"? > 1) A user on a public Notebook server can run totally arbitrary > commands, including for example sending spam emails or using all system > resources. > > 2) There is no separation between several notebook users, any user can > interfere with the running worksheets of other users. Luckily, when > using the server_pool option, non-running worksheets are safe. > One good thing (in terms of packaging for debian) is that by default sage runs in "safe mode" (local IP and local user only) unless the user specifices otherwise, i.e. allowing external interface or other users to register. No? $ sage # does not even run a notebook $ sage -notebook() # does not run on an external interface or allow other users $ sage -notebook(user needs to configure those insecure options here) Regards, Jan -- .~. /V\ Jan Groenewald /( )\ www.aims.ac.za ^^-^^ -- To post to this group, send an email to sage-devel@googlegroups.com To unsubscribe from this group, send an email to sage-devel+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-devel URL: http://www.sagemath.org
