Thank you for your answer, Harald.
The website is simply a collection of scripts which run maxima in batch mode
and parse output. There is no program behind the website. I am a big fan of
Open Source and I do publish the sources, but I have to improve the code
first:
* most names of internal functions are in Czech
* the code is not always consistent, for example some PDF files are compiled
with pdflatex from TeX Live and some with TeX from the Debian package
* the code is my second program in PHP and Perl, so it is not efficient and
hard to read and I am ashamed to publish it in the current state. But I have
already sent the sources to some people who asked me and we may try some
joint work with developers of WMI project, http://matek.hu
Concerning security issues:
* the maxima session is killed after 5 or 10 seconds
* the input is checked against insecure commands (this part is stolen from
maximaPHP project, thanks)
* I remove names of allowed functions and variables, numbers, parentheses,
operators etc. from user input and check that nothing remains. This will
catch chars like ";" or "?" and functions which are not allowed, like erf
function (the calculators are designed and supposed to solve simple
problems).
* the server is a virtual server which is behind strong (in my opinion)
firewall, ssh access is from the main university server only.
Do you think that this is enough?
Thank you for your suggestions.
Robert Marik
On Sun, Mar 9, 2008 at 2:56 PM, Harald Geyer <harald at lefant.net> wrote:
> Hi Robert,
> I have just looked at your website and think the project is a
> valuable idea. However did you take proper care of security issues?
>
> Is the program behind your website open source? Perhaps even free
> software? It would be a pity if it got lost for some reason...
>
>
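
Added example, not part of the original e-mail and not the site's code (which is PHP and Perl and is not shown on this page): the "remove what is allowed and check that nothing remains" filter described above, written in Python. The allowlist, the length limit and all function names are assumptions made for illustration; the token-based check compares whole identifiers, and a substring-removal variant is included for comparison because it accepts a name such as "sinx" that is built by joining allowed names.

```python
import re

# Constructed allowlist for illustration; the site's real list is not on the page.
ALLOWED_NAMES = {"sin", "cos", "exp", "log", "sqrt", "x", "y"}
MAX_LEN = 200  # assumed limit, keeps batch-mode input small

OPERATOR = r"[-+*/^(),]"
TOKEN = re.compile(
    r"(?P<num>\d+(?:\.\d+)?)|(?P<id>[A-Za-z_][A-Za-z_0-9]*)|(?P<op>" + OPERATOR + ")"
)


def check_expression(text):
    """Token-based allowlist check. Returns (ok, reason)."""
    if len(text) > MAX_LEN:
        return False, "too long"
    pos = 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        m = TOKEN.match(text, pos)
        if m is None:
            # Anything that is not a number, name or listed operator: ";", "?", "$", ...
            return False, "unexpected character %r" % text[pos]
        name = m.group("id")
        if name is not None and name not in ALLOWED_NAMES:
            # The whole identifier must be on the list, not just its pieces.
            return False, "name not allowed: %s" % name
        pos = m.end()
    return True, "ok"


def naive_strip_check(text):
    """Substring removal, for comparison: delete allowed pieces, expect nothing left."""
    rest = text
    for name in sorted(ALLOWED_NAMES, key=len, reverse=True):
        rest = rest.replace(name, "")
    rest = re.sub(r"[\d.\s]|" + OPERATOR, "", rest)
    return rest == ""


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["sin(x)^2 + sqrt(y)/3.5", "erf(x)", "sin(x);", "? x", "sinx"]:
        print(repr(sample), check_expression(sample), naive_strip_check(sample))
```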