Hi Glynn.
On Fri, Mar 7, 2014 at 5:14 PM, Glynn Clements <gl...@gclements.plus.com>wrote: > > Rashad M wrote: > > > I would like to check with grass-devs about the possibility of having a > web > > version of GRASS GIS as a part of SoC 2014. I had done some behind the > > scenes work for web version using C++ web toolkit Wt[1]. This involves > > running a grass modules online just like you do on Desktop with a UI that > > resembles that of wxGUI. I had been in touch with one of my juniors in my > > lab and he is interested to work on it. I could mentor this project as I > > had experience with Wt, GRASS and GSoC. I hope this web version will be > > very useful in both users and developers. > > > > Comments and suggestions are most welcomed. > > My main concern would be security. > > You will need to thoroughly sanitise all inputs. You cannot rely upon > GRASS modules to do this, as e.g. most string handling uses fixed-size > buffers, so you need to explicitly limit the length of any arguments > to avoid the possibility of buffer overruns. > > I am not clear with this. maybe security and web apps are creating me a confusion. > None of this is an issue for normal use, as "exploiting" GRASS modules > doesn't gain a user any access which they don't already have. But for > a web application, allowing a user to run GRASS modules with arbitrary > inputs amounts to giving them shell access. > Regarding shell accees we are thinking IPython. and massimo had experience in using with GRASS. We are exploring its integration with Wt > > You might even want to create an actual Unix account for each user, so > that any failures regarding input sanitisation are contained. However, > this would require something like suExec or servlets. > I thought of having a user account setup and the "shell" on web ui won't allow to navigate around any folder > -- > Glynn Clements <gl...@gclements.plus.com> > -- Regards, Rashad
_______________________________________________ grass-dev mailing list grass-dev@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/grass-dev