Re: [ANNOUNCE] Web-Octave Ready For Test
From: John Verzani
Subject: Re: [ANNOUNCE] Web-Octave Ready For Test
Date: Thu, 29 Jun 2000 13:42:48 -0500 (EST)
Tom, here is a simple Security check you may wish to
implement. Without it I was able to easily access your local directory
structure, read the file octave.pl with system("less
./cgi-bin/octave.pl") and comment that it was nicely written. I could
do much more if so desired (you can even program in PERL as it is configured).
--John
sub Security {
    my $commands = shift;
    # Function and command names a submission may not mention.
    my @BadCommands = qw(
        rename unlink readdir mkdir rmdir mkfifo umask stat
        lstat glob fnmatch system popen pclose popen2 fork exec
        pipe dup2 waitpid fcntl
        getgrp getpid getppid geteuid getuid getegid getgid
        getenv putenv
        chdir pwd PWD ls dir
        getpwent getpwuid getpwnam setpwent endpwent
        getgrent getgruid getgrnam setgrent endgrent
        getrusage
        EXEC_PATH
        save
    );
    ### cd was left out
    foreach my $bad (@BadCommands) {
        my $word = quotemeta $bad;    # escape regex metacharacters such as "."
        if (
            $commands =~ /$word\s*\(.*?\)/ ||    # name followed by (...)
            $commands =~ /-\s*$word\b/     ||    # name after a dash
            $commands =~ /\b$word\b/       ||    # name as a whole word
            $commands =~ /_\s*$word\b/           # name after an underscore
        ) {
            return "Sorry Charlie, you may not use the <STRONG>$bad</STRONG> function\n";
        }
    }
    return;    # nothing matched: no error message
}
Tom Weichmann writes:
> Hello,
>
> I have developed a Web Interface to octave, allowing octave to be used on any
> platform with a graphical - javascript enabled web browser. I will be making
> this code public, but I would like to get any bugs out before I release the
> code. If you would like to test it out here is the URL:
>
> http://tech-research.buffalostate.edu/cgi-bin/sbox/~octave/octave.pl
>
> PLEASE send me any problems which you encounter.
>
> T.C. Weichmann
> Student Researcher
> State University of New York College at Buffalo
>
>
>
> -----------------------------------------------------------------------
> Octave is freely available under the terms of the GNU GPL.
>
> Octave's home on the web: http://www.che.wisc.edu/octave/octave.html
> How to fund new projects: http://www.che.wisc.edu/octave/funding.html
> Subscription information: http://www.che.wisc.edu/octave/archive.html
> -----------------------------------------------------------------------
>
--
....................................................................
. John Verzani mailto:address@hidden .
. Dept. of Mathematics http://www.math.csi.cuny.edu/~verzani .
. City University of New York tel: (718) 982-3623 .
. College of Staten Island fax: (718) 982-3631 .
. Staten Island, NY 10314 .
....................................................................