2011/10/20 Chris Travers <chris.trav...@gmail.com>: > The general point is that where one is doing server-side document > generation, there are sufficient reasons *not* to use external binary > blobs with it's own package manager that doesn't talk to or integrate > with anything else, which has a short support cycle, and which is > statically linked to all its dependencies. > > Use of distro packages may not be perfect, but the only two options > are that or compiling from source, realistically. > I have server side applications based on TL. I use them from time to time (none of them is currently active). The remote user cannot write the document, it is always prepared by some SW tool (PHP, XSLT, ...). And \write18 is disabled for such applications. On the other hand, there are servers providing TL and users can type their documents directly, see http://tex.mendelu.cz/ for instance.
If the current version of TL is 2011 but the native packaged version in a Linux distro is 2007, are you sure that there are not bugs and security holes? Do you know how \write18 is handled? Are you sure that they do not allow \input /etc/passwd and \input /etc/shadow? It is disabled by me in my TL based server side applications. > Best Wishes, > Chris Travers > > > -------------------------------------------------- > Subscriptions, Archive, and List information, etc.: > http://tug.org/mailman/listinfo/xetex > -- Zdeněk Wagner http://hroch486.icpf.cas.cz/wagner/ http://icebearsoft.euweb.cz -------------------------------------------------- Subscriptions, Archive, and List information, etc.: http://tug.org/mailman/listinfo/xetex
