Re: Wikitex security
From: Graham Percival
Subject: Re: Wikitex security
Date: Fri, 26 Feb 2010 11:51:15 +0000
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Feb 26, 2010 at 12:23:36PM +0100, Federico Bruni wrote:
> I'm wondering if the Wikitex extension for Mediawiki is a secure
> alternative to the LilyPond extension.
>
> http://wikisophia.org/wiki/Wikitex
>
> (as you can see, there is an Edit button... it is open to public
> modifications)
>
> and I came to the conclusion that Wikitex does not allow DoS attacks.

I see absolutely no security involved here, although admittedly I
only spent two minutes looking at it. I have every reason to
believe that wikisophia is offering a remote local security hole.
And if they present *that* hole, then I'm willing to bet money that
you could find another security flaw and gain root access via your
local-user access.

I certainly think that a DoS attack would be easy.

> I'm going to give a talk about LilyPond next week and I'd like to have my
> mind clear about these issues.

IMO, the best thing to clear your mind is this: "if you don't know
about security, then don't offer globally-accessible services".
Computer security is a hard area; you won't be able to write
secure web services after reading a dozen webpages and spending a
weekend programming something. It takes weeks (if not months or
years!) of study, and a similar amount of time working on every
piece of software.

This amount of work has emphatically NOT been done on lilypond.

Cheers,
- Graham