On 03/01/2012 10:39 AM, Jeroen Demeyer wrote:
On 2012-03-01 13:35, Jason Grout wrote:
Can you elaborate, Jeroen, just so that communication is clear by what
you mean by "totally insecure"?
1) A user on a public Notebook server can run totally arbitrary
commands, including for example sending spam emails or using all system
resources.
2) There is no separation between several notebook users; any user can
interfere with the running worksheets of other users. Luckily, when
using the server_pool option, non-running worksheets are safe.
3) Sage is bordering on a full Linux distribution, but all of the
packages are served over plain HTTP. There are MD5 sums, but those come
over plain HTTP too, so they only prevent accidental corruption.
4) Sage code is really Python code, so you can't run anything you don't
fully trust.
5) Trac and wiki credentials are sent unencrypted (this is trivial to fix).
--
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
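
Point 3 above, as an added example that is not part of the original message or of Sage's own code: a checksum fetched over the same unauthenticated channel as the package catches accidental corruption but not substitution, while a digest obtained over an authenticated channel catches both. The package bytes, the function names and the idea of a pinned SHA-256 digest are assumptions made for illustration.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def check_same_channel(package: bytes, checksum_from_mirror: str) -> bool:
    """Checksum file downloaded over the same plain-HTTP path as the package."""
    return hmac.compare_digest(md5_hex(package), checksum_from_mirror.strip())


def check_pinned(package: bytes, pinned_sha256: str) -> bool:
    """Digest obtained over an authenticated channel (assumption: HTTPS or a signed file)."""
    return hmac.compare_digest(hashlib.sha256(package).hexdigest(), pinned_sha256)


def in_transit(package: bytes, checksum: str, mode: str):
    """Model what can happen to both files on the unauthenticated path."""
    if mode == "corrupt":
        # Accidental damage: one bit of the package flips, checksum file is intact.
        return bytes([package[0] ^ 0x01]) + package[1:], checksum
    if mode == "substitute":
        # Whoever controls the path replaces the package and its checksum together.
        replaced = b"constructed replacement contents\n"
        return replaced, md5_hex(replaced)
    return package, checksum


# Constructed sample data standing in for a real package.
ORIGINAL = b"constructed sample package contents\n"
PUBLISHED_MD5 = md5_hex(ORIGINAL)
PINNED_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()


def outcomes(mode: str):
    """Return (same-channel MD5 check passes, pinned-digest check passes)."""
    pkg, md5sum = in_transit(ORIGINAL, PUBLISHED_MD5, mode)
    return check_same_channel(pkg, md5sum), check_pinned(pkg, PINNED_SHA256)


if __name__ == "__main__":
    for mode in ("clean", "corrupt", "substitute"):
        print(mode, outcomes(mode))
```
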