[GRASS-dev] GSoC 2014: GRASS GIS Web UI

Rashad M mohammedrashadkm at gmail.com
Fri Mar 7 08:42:55 PST 2014


Hi Glynn.


On Fri, Mar 7, 2014 at 5:14 PM, Glynn Clements <glynn at gclements.plus.com> wrote:

>
> Rashad M wrote:
>
> > I would like to check with grass-devs about the possibility of having a
> > web version of GRASS GIS as a part of SoC 2014. I had done some behind the
> > scenes work for web version using C++ web toolkit Wt[1]. This involves
> > running GRASS modules online just like you do on Desktop with a UI that
> > resembles that of wxGUI. I had been in touch with one of my juniors in my
> > lab and he is interested to work on it. I could mentor this project as I
> > had experience with Wt, GRASS and GSoC. I hope this web version will be
> > very useful to both users and developers.
> >
> > Comments and suggestions are most welcomed.
>
> My main concern would be security.
>
> You will need to thoroughly sanitise all inputs. You cannot rely upon
> GRASS modules to do this, as e.g. most string handling uses fixed-size
> buffers, so you need to explicitly limit the length of any arguments
> to avoid the possibility of buffer overruns.
>
>
I am not clear on this. Maybe security and web apps are creating
confusion for me.


> None of this is an issue for normal use, as "exploiting" GRASS modules
> doesn't gain a user any access which they don't already have. But for
> a web application, allowing a user to run GRASS modules with arbitrary
> inputs amounts to giving them shell access.
>

Regarding shell access, we are thinking of IPython, and Massimo had experience
in using it with GRASS. We are exploring its integration with Wt.

>
> You might even want to create an actual Unix account for each user, so
> that any failures regarding input sanitisation are contained. However,
> this would require something like suExec or servlets.
>

I thought of having a user account set up, and the "shell" in the web UI won't
allow navigating around any folder.


> --
> Glynn Clements <glynn at gclements.plus.com>
>



-- 
Regards,
   Rashad
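
The input handling Glynn describes (explicit length limits and sanitising before anything reaches a GRASS module), sketched as an added example that is not part of the original thread or of any GRASS or Wt code. The module allowlist, the 64-character cap and the function names are assumptions made for illustration; the resulting list is meant to be passed to a process launcher without a shell.

```python
import re

# Hypothetical policy for this example: which modules the web UI may run and
# which parameters each accepts. Anything not listed is rejected.
ALLOWED = {
    "r.info": {"map"},
    "r.univar": {"map"},
    "v.info": {"map"},
}
MAX_VALUE_LEN = 64  # assumed cap for this example, enforced before the module runs
# Map names only: letters, digits, underscore, optional @mapset suffix.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(@[A-Za-z0-9_]+)?")


class RejectedInput(ValueError):
    pass


def build_argv(module, params):
    """Return an argv list for subprocess.run(argv, shell=False) or raise."""
    if module not in ALLOWED:
        raise RejectedInput("module not allowed: %r" % module[:32])
    argv = [module]
    for key in sorted(params):
        value = params[key]
        if key not in ALLOWED[module]:
            raise RejectedInput("parameter not allowed: %r" % key[:32])
        if not isinstance(value, str) or len(value) > MAX_VALUE_LEN:
            raise RejectedInput("value for %s missing or too long" % key)
        if not NAME_RE.fullmatch(value):
            raise RejectedInput("value for %s has illegal characters" % key)
        argv.append("%s=%s" % (key, value))
    return argv


def check_samples():
    """Run constructed form submissions through the validator."""
    samples = [
        ("r.info", {"map": "elevation@PERMANENT"}),  # well-formed
        ("r.info", {"map": "A" * 5000}),              # oversized argument
        ("r.info", {"map": "dem; echo x"}),           # shell metacharacters
        ("g.remove", {"name": "elevation"}),          # module not on the list
    ]
    results = []
    for module, params in samples:
        try:
            results.append(build_argv(module, params))
        except RejectedInput as exc:
            results.append(str(exc))
    return results
```

Validation of this kind complements, and does not replace, the per-user account containment suggested in the thread.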