[GRASS-dev] GSoC 2014: GRASS GIS Web UI

Glynn Clements glynn at gclements.plus.com
Sat Mar 8 08:42:51 PST 2014


Rashad M wrote:

> > My main concern would be security.
> >
> > You will need to thoroughly sanitise all inputs. You cannot rely upon
> > GRASS modules to do this, as e.g. most string handling uses fixed-size
> > buffers, so you need to explicitly limit the length of any arguments
> > to avoid the possibility of buffer overruns.
> 
> I am not clear on this. Maybe security and web apps are creating
> confusion for me.

If you do not understand the principles of secure programming, you
shouldn't attempt to write a web interface to GRASS.

GRASS modules typically do not attempt to be secure against invalid
input. If you're providing access to "untrusted" users (users who
aren't supposed to have the full privileges of the account under which
the modules are executed), you will need to prevent invalid input from
reaching the modules.

-- 
Glynn Clements <glynn at gclements.plus.com>
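
An added example, not part of the original message or of GRASS itself: one way a web front end could keep invalid input from reaching the modules, by accepting only allow-listed modules and options, bounding every argument's length and character set, and building an argv list that is run without a shell. The schema, the length limit and the function names are assumptions made for illustration.

```python
import re

# Assumed limit and patterns (not taken from GRASS); tune per exposed module.
MAX_NAME_LEN = 64
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")          # conservative map name
NUMBER_RE = re.compile(r"-?[0-9]{1,9}(\.[0-9]{1,6})?")  # bounded-length decimal

# Constructed allow-list: module -> {option: kind}. Anything absent is refused.
ALLOWED = {
    "r.info": {"map": "name"},
    "r.buffer": {"input": "name", "output": "name", "distances": "number"},
}


class RejectedInput(ValueError):
    """Raised for any request that must not reach a module."""


def check_value(kind, value):
    """Validate one option value; fullmatch() also rejects a trailing newline."""
    if not isinstance(value, str):
        raise RejectedInput("value must be a string")
    if kind == "name":
        if len(value) > MAX_NAME_LEN or not NAME_RE.fullmatch(value):
            raise RejectedInput("bad map name")
    elif kind == "number":
        if not NUMBER_RE.fullmatch(value):
            raise RejectedInput("bad number")
    else:
        raise RejectedInput("unknown value kind")
    return value


def build_argv(module, params):
    """Return an argv list for subprocess.run(argv) with no shell, or raise."""
    schema = ALLOWED.get(module)
    if schema is None:
        raise RejectedInput("module not exposed")
    argv = [module]
    for key in sorted(params):
        if key not in schema:
            # Truncate the echoed key so the error itself stays bounded.
            raise RejectedInput("option not exposed: %r" % str(key)[:32])
        argv.append("%s=%s" % (key, check_value(schema[key], params[key])))
    return argv
```
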

