On 2013-11-12 16:32-0700 Jerry wrote:

> I posted an announcement some time back on comp.lang.ada. about the latest 
> PLplot release. (FWIW, it currently has 182 views, and I got some useful 
> feedback from the Ada gurus.)
>
> Today this post (below) appeared. I don't know how to answer his question 
> about thread safety. Any thoughts?
>

Thanks, Jerry, for generating this important publicity for PLplot in
the Ada community.

To answer the question at hand, I am virtually positive PLplot is not
thread safe, but you should wait for Andrew's response for the
definitive view on that, especially the question of what would need to
be done to make PLplot thread safe and ideally a plan for getting
there.

Just as important as thread safety in my opinion is security. If I were
a webserver designer interested in safe plotting, then it is important
to acknowledge that plotting software by its very nature is inherently
insecure; the problem is that plotting software has lots of different
user input channels (titles, text annotations, legends, colorbars,
etc.) that could be the source of potential buffer overflows or other
intrusion possibilities.  We do make some conscious decisions for
PLplot development to avoid obvious security issues, but at the same
time security is not our primary interest and certainly not a
fundamentally important area of expertise for us. And I am sure that
is the case for developers of other plotting software as well; we are
all primarily interested in making pretty pictures ("lovely looking
charts") rather than designing secure software. :-)

So for any plot software including PLplot, the web designer should
filter down the possible user input channels as much as possible
(ideally no user-controlled input text allowed at all).  After that, a
full security audit (only possible with open-source plotting software
such as PLplot) should be done of what is left to target by a
malicious user after such filtering. And we would certainly be happy
to accept patches that were the result of any such audit.

Alan

> Hi Jerry,
>
> That looks really interesting.
>
> I'm looking for a plotter routine that could be used safely inside the AWS [= 
> Ada Web Server] web server, so I can implement a 'callback' chart server 
> (currently I have one written in Java).
>
> Could this be used for that? Some simple tests suggest to me that it isn't 
> thread safe. The  Initialize_PLplot [aka plinit] and associated procedures to 
> set filenames, etc, seem to set global variables somewhere. Is there some 
> trick I'm missing?
>
> It does make lovely looking charts.
>
> thanks very much for this.
>
> Graham

__________________________
Alan W. Irwin

Astronomical research affiliation with Department of Physics and Astronomy,
University of Victoria (astrowww.phys.uvic.ca).

Programming affiliations with the FreeEOS equation-of-state
implementation for stellar interiors (freeeos.sf.net); the Time
Ephemerides project (timeephem.sf.net); PLplot scientific plotting
software package (plplot.sf.net); the libLASi project
(unifont.org/lasi); the Loads of Linux Links project (loll.sf.net);
and the Linux Brochure Project (lbproject.sf.net).
__________________________

Linux-powered Science
__________________________

_______________________________________________
Plplot-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/plplot-devel
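
One way to apply the input-filtering advice in the message above before a user-supplied string reaches a plot title, legend or annotation, as an added example that is not part of the original message or of PLplot's own code. `filter_label` and `LABEL_MAX` are hypothetical names, the sample inputs are constructed, and the allowlist is an assumption to adjust per application; it deliberately excludes `#`, PLplot's default text escape character.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limit chosen for this example; not a PLplot constant. */
#define LABEL_MAX 64

/* Copy `in` to `out` only if every byte is on the allowlist and the
 * string fits. Returns 0 on success, -1 on rejection (out is set to ""). */
int filter_label(const char *in, char *out, size_t out_size)
{
    /* No '#' (PLplot escape), quotes, backslash, control or 8-bit bytes. */
    static const char allowed_punct[] = " .,:()-_/%+=";
    size_t i, len = 0;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (in == NULL)
        return -1;

    /* Bounded scan: never read more than out_size bytes of input. */
    while (len < out_size && in[len] != '\0')
        len++;
    if (len == 0 || len >= out_size)
        return -1;              /* empty, or no room for the terminator */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') ||
                 strchr(allowed_punct, c) != NULL;
        if (!ok)
            return -1;          /* reject outright rather than "repair" */
    }
    memcpy(out, in, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "Rainfall (mm/day), 2013", "x#u2#d", "a\nb" };
    char label[LABEL_MAX];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", filter_label(samples[i], label, sizeof label));
    return 0;
}
```

Rejected labels should fall back to a fixed server-side default rather than being passed through in modified form.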