On Fri, Feb 26, 2010 at 12:23:36PM +0100, Federico Bruni wrote: > I'm wondering if the Wikitex extension for Mediawiki is a secure > alternative to the LilyPond extension. > > http://wikisophia.org/wiki/Wikitex > > (as you can see, there is an Edit button... it is open to public > modifications) > > and I came to the conclusion that Wikitex does not allow DoS attacks.
I see absolutely no security involved here, although admittedly I only spent two minutes looking at it. I have every reason to believe that wikisophia is offering a remote local security hole. And if they present *that* hole, then I'm willing to be money that you could find another security flaw and gain root access via your local-user access. I certainly think that a DoS attack would be easy. > I'm going to give a talk about LilyPond next week and I'd like to have my > mind clear about these issues. IMO, the best thing to clear your mind is this: "if you don't know about security, then don't offer globally-accessible services". Computer security is a hard area; you won't be able to write secure web services after reading a dozen webpages and spending a weekend programming something. It takes weeks (if not months or years!) of study, and a similar amount of time working on every piece of software. This amount of work has emphatically NOT been done on lilypond. Cheers, - Graham _______________________________________________ lilypond-user mailing list lilypond-user@gnu.org http://lists.gnu.org/mailman/listinfo/lilypond-user
