[sage-trac] Re: [Sage] #8473: Make .sws files clickable

Wed, 29 Dec 2010 09:56:02 -0800 

#8473: Make .sws files clickable
---------------------------+------------------------------------------------
   Reporter:  olazo        |       Owner:  iandrus     
       Type:  enhancement  |      Status:  needs_review
   Priority:  minor        |   Milestone:  sage-4.6.1  
  Component:  notebook     |    Keywords:              
     Author:  Ivan Andrus  |    Upstream:  N/A         
   Reviewer:               |      Merged:              
Work_issues:               |  
---------------------------+------------------------------------------------

Comment(by iandrus):

 Replying to [comment:7 kcrisman]:
 > Replying to [comment:6 iandrus]:
 > > I should note I only allow file urls when running on localhost because
 otherwise it doesn't make much sense and could be a security hole.
 > But I can imagine people definitely wanting to upload an sws file to a
 Sage instance running only in their browser, i.e. from xyz.sagenb.org.
 And we already allow arbitrary code in a Sage notebook instance!  So I
 don't know whether this would be any less secure than the current
 situation...

 I was probably unclear.  With a file url, it would grab the file from the
 server rather than the local machine, so it's probably not what people
 want or expect at all.  e.g. if you try to upload
 file:///home/iandrus/sage/sws1.sws, this will only work if the machine the
 server is running on also has a file at /home/iandrus/sage/sws1.sws, and
 then only if the file is the same.

 It might be nice to add some way to upload a file to a remote server
 programmatically, but I think that entails logging in and then sending off
 a POST request from a script, so it has a different feel.  I tried writing
 a simple script using curl a while ago, but I couldn't get it to work for
 some reason.  Perhaps someone knows of a better/different way to
 accomplish it.

 You are right about the security hole though, it's probably the least of
 our worries :-)

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/8473#comment:9>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB

-- 
You received this message because you are subscribed to the Google Groups 
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/sage-trac?hl=en.

Reply via email to