Security concerns with compiling latex dynamically on a web server
https://stackoverflow.com/questions/8622973
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm setting up a website which would allow users to use certain select latex commands to build a document. They would then be able to preview the document, which means I would:
- parse the text file to make sure only the allowed commands are there
- use PHP to send the user's text to the
pdflatexcommand - display the outputted pdf to the user
How secure is this? Is there a better way of doing this?
Solution
It's reasonably secure if you don't enable \write18. Of course you should use chroot and ulimit if you are running Unix. See here for the security of TeXLive 2011. And see here for the answer on TeX.SX.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
