On Thu, 30 Oct 2014, kcrisman wrote:
Would you recommend putting this somewhere in the sagenb documentation? I
wasn't even aware of this .sage/notebook/ directory, since I'm not an admin.
Hmm... Where? Maybe
http://www.sagemath.org/doc/reference/notebook/sagenb/notebook/notebook_object.html
could have on "secure" something like
"When `notebook()` is run for first time with `secure=True`, it will
generate new keys and store them to `.sage/notebook/`. Remove this when
you want to generate new keys, for example if older version of Sage has
generated too short keys."
Somebody, please make a ticket for this.
* * *
Whole documentation for sagenb is quite bad. For example it is very easy
to run it without server_pool-option. Then any user can use
system()-function to read other users data or even to change files so that
system will collect password. To see that try
os.system("echo meow > /tmp/whatcatsays")
and then again
os.system("echo meow > "+SAGE_ROOT+"/whatcatsays")
Last one should give a permission denied.
Best practise here is, on my opinion, to have THREE account: sagegui for
running GUI, sagecalc to run computations and sagecomp for an admin to
compile Sage.
--
Jori Mäntysalo
--
You received this message because you are subscribed to the Google Groups
"sage-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-support.
For more options, visit https://groups.google.com/d/optout.
