[GRASS-dev] GSoC 2014: GRASS GIS Web UI

Glynn Clements glynn at gclements.plus.com
Fri Mar 7 08:14:51 PST 2014


Rashad M wrote:

> I would like to check with grass-devs about the possibility of having a web
> version of GRASS GIS as a part of SoC 2014. I had done some behind the
> scenes work for web version using C++ web toolkit Wt[1]. This involves
> running GRASS modules online just like you do on Desktop with a UI that
> resembles that of wxGUI. I had been in touch with one of my juniors in my
> lab and he is interested to work on it. I could mentor this project as I
> had experience with Wt, GRASS and GSoC. I hope this web version will be
> very useful to both users and developers.
> 
> Comments and suggestions are most welcome.

My main concern would be security.

You will need to thoroughly sanitise all inputs. You cannot rely upon
GRASS modules to do this, as e.g. most string handling uses fixed-size
buffers, so you need to explicitly limit the length of any arguments
to avoid the possibility of buffer overruns.

None of this is an issue for normal use, as "exploiting" GRASS modules
doesn't gain a user any access which they don't already have. But for
a web application, allowing a user to run GRASS modules with arbitrary
inputs amounts to giving them shell access.

You might even want to create an actual Unix account for each user, so
that any failures regarding input sanitisation are contained. However,
this would require something like suExec or servlets.

-- 
Glynn Clements <glynn at gclements.plus.com>
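
An added example, not part of the original message and not GRASS or Wt code: one way a C++ web front end could enforce the length limit and input checks described above before launching a module. The allow-list contents, the limits and the names `build_argv`, `safe_value`, `kAllowed`, `kMaxValueLen` and `kMaxOpts` are assumptions made for illustration.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

using Opts = std::vector<std::pair<std::string, std::string>>;

// Assumed limits (not GRASS constants); keep the cap below the modules' buffers.
const std::size_t kMaxValueLen = 64;
const std::size_t kMaxOpts = 8;

// Illustrative allow-list: module -> option keys the web UI may pass.
const std::map<std::string, std::set<std::string>> kAllowed = {
    {"r.info", {"map"}}, {"v.info", {"map"}}};

// Accept only [A-Za-z0-9_.@] up to the cap: no shell metacharacters,
// whitespace, path separators, NUL or non-ASCII bytes.
bool safe_value(const std::string& v) {
    if (v.empty() || v.size() > kMaxValueLen) return false;
    for (unsigned char c : v) {
        bool alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
        if (!alnum && c != '_' && c != '.' && c != '@') return false;
    }
    return true;
}

// Fills argv for an execv()-style launch (never a shell); false means reject.
bool build_argv(const std::string& module, const Opts& opts,
                std::vector<std::string>& argv) {
    argv.clear();
    auto mod = kAllowed.find(module);
    if (mod == kAllowed.end() || opts.size() > kMaxOpts) return false;
    std::set<std::string> seen;  // each option key may appear only once
    std::vector<std::string> out(1, module);
    for (const auto& kv : opts) {
        if (!mod->second.count(kv.first) || !seen.insert(kv.first).second ||
            !safe_value(kv.second)) return false;
        out.push_back(kv.first + "=" + kv.second);
    }
    argv = out;
    return true;
}

int main() {
    std::vector<std::string> argv;
    bool ok = build_argv("r.info", Opts{{"map", "elevation@PERMANENT"}}, argv);  // constructed input
    std::cout << (ok ? argv[1] : "rejected") << "\n";
}
```

Validation of this kind complements, and does not replace, the per-user account containment suggested in the message.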

