2009/5/18 Alex <lilypond-u...@ohmslaw.org.uk>: > I'm wanting to run lilypond behind a web interface as a free tool that > anyone can use. The proof-of-concept seems to work fine. Now I'm > thinking of security considerations. In particular, what input to > lilypond is possible that could have nuisance or destructive effect? >
Is it possible to get Lilypond to include a text file? Something like: \markup { \include "/etc/passwd" } This doesn't actually work (it just writes out "/etc/passwd"), but if you find a way of doing this, this would be a potential security issue. Also, consider what might happen if someone uploads a file called: "test.ly; rm /var/www/" These examples are specific to Linux/UNIX, but there will be equivalents for any OS. Regards, Joe _______________________________________________ lilypond-user mailing list lilypond-user@gnu.org http://lists.gnu.org/mailman/listinfo/lilypond-user