<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>Glynn,</div><div><br></div><div>I’m aware that the "security risk handling" in a web app is a hard and hot topic; hopefully a lot of projects are working in this direction.</div><div>Of course a web UI for GRASS will be designed for registered users and not for the anonymous www (password, registration and https can be implemented).</div><div><br></div><div>The “web-shell” feature is obviously reserved only for “trusted users”.</div><div>Without this assumption, applications like RStudio or IPython notebook should not exist.</div><div><br></div><div>A multi-user approach needs to be based, IMHO, on Unix: each user has to have their own home and access to the filesystem. If this is not enough, the application can be restricted to a chroot jail, but this is not part of the UI development (it is more a sysadmin choice).</div><div><br></div><div>The authorization protocol can be implemented using PAM (I guess that is what RStudio is using).</div><div>WT has a mature authentication module:</div><div><br></div><div><div><a href="http://www.webtoolkit.eu/wt/blog/2011/11/29/wt___jwt_3_2_0">http://www.webtoolkit.eu/wt/blog/2011/11/29/wt___jwt_3_2_0</a></div><div><a href="http://www.webtoolkit.eu/wt/blog/2013/08/07/security__wt_and_the_new_breach_vulnerability/">http://www.webtoolkit.eu/wt/blog/2013/08/07/security__wt_and_the_new_breach_vulnerability/</a></div></div><div><br></div><div>The potential user of a web UI for GRASS needs to be a trusted user in any case and needs to go through a registration process where an admin has to approve it. 
No anonymous users allowed.</div><div><br></div><div>I guess the code behind the web UI has to sanitize each text entry; will this be enough?</div><div>A "sanitize inspection" on all the “input” coming from the web UI can be performed, and this will be part of the UI itself, not of the GRASS modules, with the aim of avoiding people doing something like <a href="http://xkcd.com/327/">http://xkcd.com/327/</a> ;)</div><div><br></div><div><br></div><div>Massimo.</div><div><br></div><div><br></div><div><div><div>On Mar 8, 2014, at 11:42 AM, Glynn Clements <<a href="mailto:glynn@gclements.plus.com">glynn@gclements.plus.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><br>Rashad M wrote:<br><br><blockquote type="cite"><blockquote type="cite">My main concern would be security.<br><br>You will need to thoroughly sanitise all inputs. You cannot rely upon<br>GRASS modules to do this, as e.g. most string handling uses fixed-size<br>buffers, so you need to explicitly limit the length of any arguments<br>to avoid the possibility of buffer overruns.<br></blockquote><br>I am not clear about this. Maybe security and web apps are causing me<br>confusion.<br></blockquote><br>If you do not understand the principles of secure programming, you<br>shouldn't attempt to write a web interface to GRASS.<br><br>GRASS modules typically do not attempt to be secure against invalid<br>input. 
If you're providing access to "untrusted" users (users who<br>aren't supposed to have the full privileges of the account under which<br>the modules are executed), you will need to prevent invalid input from<br>reaching the modules.<br><br>-- <br>Glynn Clements <<a href="mailto:glynn@gclements.plus.com">glynn@gclements.plus.com</a>><br>_______________________________________________<br>grass-dev mailing list<br><a href="mailto:grass-dev@lists.osgeo.org">grass-dev@lists.osgeo.org</a><br>http://lists.osgeo.org/mailman/listinfo/grass-dev<br></blockquote></div><br></div></body></html>