On Mon, 2008-11-24 at 13:05 -0800, jrpick wrote:
> For security, I just mean that if I have it running on a server, I
> don't want people to be able to do malicious things like play with the
> filesystem, send mail, or drop mysql tables.  More than a sandbox,
> however: you shouldn't be able to disable it, or otherwise mess things
> up so that I have to reinstall it or fix it.
> 
> I don't know how I plan on accomplishing the security yet.  What I did
> with my system currently (in Perl) is to implement a giant parser that
> goes through and does calculations as it works out a string.  The user
> can never invoke a function directly, even though it might feel like
> it.  When you say something like sin(30 degrees) there are hard-coded
> regular expressions that look for it and call the sin function.  This
> way, there's essentially a white list of acceptable things the user
> can do.  This is different from doing something like rexec(code),
> which I've read has security issues.
> 
> 
> On Nov 24, 6:49 am, Jason Grout <[EMAIL PROTECTED]> wrote:
> > Jeff Pickhardt wrote:
> > > When I say "simple" I mean really, really, REALLY simple.  So simple
> > > it's intuitive for non-programmers.  I can program and I could always
> > > run Python scripts or use command line interfaces myself, but I have
> > > friends who want something even easier.  My friends are pretty smart,
> > > they're just not programmers.  They're intimidated by this stuff.
> >
> > > I'm thinking I'll probably just continue my own back end (which I've
> > > started rewriting in Python) but leverage some hand-picked advanced
> > > functionalities like integration.  The advantage of this is that I can
> > > make it secure and easy to use; the disadvantage is that it'll be more
> > > work.  It absolutely has to be easy and secure, though.
> >
I was thinking about doing something like that for some time too, though
I currently have neither the time nor the skill to accomplish it.
My idea is to copy the interface of an HP50g graphing calculator, which
is pretty straightforward, with some modifications to make it even
simpler to use (since we aren't limited to hardware buttons and don't
have exactly the same functions). Notice that this still wouldn't work on the
security side, since there's always some way to hack around client-side
limitations.

Ronan
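The whitelist approach jrpick describes above (the user never invokes a function directly; only recognised forms are mapped onto a fixed set of calls), as an added example that is not code from this thread or from Sage: rather than hard-coded regular expressions over the raw string, it parses the expression with Python's own `ast` module and evaluates only node types, operators and function names that appear on an allow-list, so attribute access, calls to unlisted names, statements and the like are rejected before anything runs. All names in it (`calc`, `is_safe`, the allow-list tables) are assumptions of this example.

```python
import ast
import math
import operator

# Allow-lists: only these operators and function names may appear in an
# expression. ast.Pow is deliberately left out: a whitelist does not stop
# "9**9**9" from exhausting memory, so exponentiation needs its own limits.
BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub,
    ast.Mult: operator.mul, ast.Div: operator.truediv, ast.Mod: operator.mod,
}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt, "radians": math.radians}
CONSTS = {"pi": math.pi, "e": math.e}


class UnsafeExpression(ValueError):
    """Raised for any syntax that is not on the allow-list."""


def _eval(node):
    # Every branch checks the exact node type and its operator/name against
    # the tables above; anything not matched falls through to the raise.
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.Name) and node.id in CONSTS:
        return CONSTS[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_eval(node.operand))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in FUNCS and not node.keywords):
        # Starred or otherwise unusual arguments are rejected by the recursion.
        return FUNCS[node.func.id](*[_eval(a) for a in node.args])
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def calc(expr):
    # mode="eval" accepts a single expression only; statements are a SyntaxError.
    tree = ast.parse(expr, mode="eval")
    return _eval(tree.body)


def is_safe(expr):
    """True only if the expression is entirely on the allow-list and evaluates."""
    try:
        calc(expr)
        return True
    except (UnsafeExpression, SyntaxError, ValueError, ZeroDivisionError, TypeError):
        return False
```

Extending the calculator means adding an entry to `FUNCS`, not loosening the parser, which keeps the allow-list the single place to review.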

