Security concerns with compiling latex dynamically on a web server
Question
I'm setting up a website which would allow users to use certain select latex commands to build a document. They would then be able to preview the document, which means I would:
- parse the text file to make sure only the allowed commands are there
- use PHP to send the user's text to the
pdflatex
command - display the outputted pdf to the user
How secure is this? Is there a better way of doing this?
Solution
It's reasonably secure if you don't enable \write18
. Of course you should use chroot
and ulimit
if you are running Unix. See here for the security of TeXLive 2011. And see here for the answer on TeX.SX.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow