[Maxima] MaximaPHP

Robert Dodier robert.dodier at gmail.com
Sun Mar 4 22:23:06 CST 2007


Hello Bowo,

> I don't know if this is a correct place to announce this.

Yes, you've come to the right place.

> I have just created a PHP program to access Maxima on the server
> interactively from a website. I call it MaximaPHP.

Terrific. I have put a link on the Maxima web site. See:
http://maxima.sourceforge.net/relatedprojects.shtml

> I need some advice regarding security measures that I implemented
> here. Are there other Maxima commands that I need to filter out?

I don't really know much about that. You might look at the Mediawiki algebra
extension (link on the page mentioned above). I'm pretty sure that project
has some security measures in place. But trying to identify all the
possible leaks is tricky. Maybe it is possible to get the web server to
execute Maxima in a sandbox of some kind. I don't know what's possible
there.

You might consider disallowing any symbol which begins with ?
since that allows access to Lisp symbols, e.g. ?load = Lisp LOAD function.
But, again, I think running in a sandbox is better. Let us know if you
make some progress on that, I'm pretty sure others would be interested.

Thanks for the news & keep up the good work,
Robert Dodier
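
A minimal input check for the rule suggested in the message above (disallow any symbol beginning with ?), as an added example that is not part of the original message or of MaximaPHP. The function names and sample inputs are constructed for illustration. It rejects ? anywhere in the input instead of trying to parse Maxima syntax, and it is meant to sit in front of a sandboxed Maxima process, not to replace one.

```php
<?php
// Added example: hypothetical helper names, not MaximaPHP's own code.

/**
 * Locate every '?' in a Maxima input string together with the symbol
 * that follows it, so a rejection can be logged with its position.
 * Returns a list of ['offset' => int, 'token' => string].
 */
function find_lisp_symbol_refs(string $input): array
{
    $findings = [];
    // One or more '?', optional whitespace, then any symbol characters.
    // Strings and comments are NOT exempted: the check fails closed.
    if (preg_match_all('/\?+\s*\w*/', $input, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[0] as [$text, $offset]) {
            $findings[] = ['offset' => $offset, 'token' => rtrim($text)];
        }
    }
    return $findings;
}

/** Decide whether the input may be passed on to Maxima. */
function validate_maxima_input(string $input): array
{
    $refs = find_lisp_symbol_refs($input);
    return ['allowed' => count($refs) === 0, 'rejected' => $refs];
}

// Constructed sample inputs (not taken from any real session).
$samples = [
    'integrate(x^2, x);',
    '?load("constructed-file.lisp");',
    'diff(sin(x), x); ? load',
];

foreach ($samples as $line) {
    $result = validate_maxima_input($line);
    if ($result['allowed']) {
        printf("ALLOW  %s\n", $line);
        continue;
    }
    foreach ($result['rejected'] as $ref) {
        printf("REJECT %s  (offset %d: %s)\n", $line, $ref['offset'], $ref['token']);
    }
}
```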

