[Maxima] Web pages of Maxima

Harald Geyer harald at lefant.net
Mon Mar 10 19:03:05 CDT 2008


Hi Robert!

> * the code is my second program in PHP and Perl, so it is not efficient and
> hard to read and I am ashamed to publish it in the current state. But I have
> already sent the sources to some people who asked me and we may try some
> joint work with developers of WMI project, http://matek.hu

Fine.
 
> Concerning security issues:
> * the maxima session is killed after 5 or 10 seconds
> * the input is checked against unsecure commands (this part is stolen from
> maximaPHP project, thanks)

That's rather ineffective as most maxima commands are potentially
insecure, but ...

> * I remove names of allowed functions and variables, numbers, parentheses,
> operators etc from user input and check, that nothing remains. This will
> catch chars like ";" or "?" and functions which are not allowed, like erf
> function (the calculators are designed and supposed to solve simple
> problems).

that's a better idea. Since you reject almost the entire alphabet,
I couldn't inject a list via args(foo*bar*bax) because r is not
allowed.

> Do you think that this is enough?

It might be, but by chance there might exist a function, which
passes your tests. I can't tell for sure without studying your code
(and the maxima manual) in detail.

BTW while playing with your program I found a bug:
take the derivative of x^3*exp(aa*x^2) - there seems to be some
recursion problem. Probably because you use aa internally for something
(pattern matching?).
Other multichar symbols (like aba) work just fine.

HTH,
Harald
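
The strip-and-check filter described in the quoted text, next to a token-based variant, as an added example that is not part of the original message or of the calculator's code. The allowlist, the identifier pattern and the sample inputs are constructed for illustration; the point shown is that deleting allowed substrings accepts a name glued together from two allowed names, while checking whole tokens rejects it.

```python
import re

# Constructed allowlist for illustration; not the calculator's real list.
ALLOWED_NAMES = {"sin", "cos", "exp", "log", "sqrt", "x", "aa"}
ALLOWED_PUNCT = set("+-*/^(),")

# Assumption: identifiers approximated as letters, digits, "_" and "%".
TOKEN = re.compile(
    r"(?P<num>[0-9]+(?:\.[0-9]+)?)"
    r"|(?P<name>[A-Za-z_%][A-Za-z0-9_%]*)"
    r"|(?P<other>\S)"
)

def strip_and_check(expr):
    """Delete every allowed piece and accept the input if nothing is left."""
    rest = expr
    # Longest names first, so "exp" is removed before the "x" inside it.
    for name in sorted(ALLOWED_NAMES, key=len, reverse=True):
        rest = rest.replace(name, "")
    rest = re.sub(r"[0-9.\s]", "", rest)
    rest = "".join(c for c in rest if c not in ALLOWED_PUNCT)
    return rest == ""

def tokenize_and_check(expr):
    """Split into whole tokens first, then require every token to be allowed."""
    for m in TOKEN.finditer(expr):
        kind, tok = m.lastgroup, m.group()
        if kind == "num":
            continue
        if kind == "name" and tok in ALLOWED_NAMES:
            continue
        if kind == "other" and tok in ALLOWED_PUNCT:
            continue
        return False  # unknown identifier or character such as ";" or "?"
    return True

if __name__ == "__main__":
    samples = [
        "x^3*exp(aa*x^2)",  # from the mail: allowed names only
        "erf(x)",           # erf is not on the allowlist
        "x;x",              # ";" must be caught
        "logsin(x)",        # constructed: two allowed names glued together
    ]
    for s in samples:
        print(f"{s!r}: strip={strip_and_check(s)} tokens={tokenize_and_check(s)}")
```
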

