Hopefully I'm not abusing the list by doing this... my response will follow in the next mail
---------- Forwarded message ----------
From: Александр Берсенев <[email protected]>
Date: 2011/5/10
Subject: About the web-interface of Slurm
To: [email protected]

Hello,

I am concerned about the security of php-slurm. There are many unfiltered input arguments, and those are potential vulns. For example, the URL http://site/slurm/nodes.php?hostlist=umu[1-<big number>] will eat memory and CPU of the controller host. I also caught "Unable to contact slurm controller (connect failure)" and "Invalid argument supplied for foreach() in /usr/share/php-slurm/includes/functions.php on line 336" errors while trying various bad parameters.

Isn't it better to use give-all queries without parameters and do all the filtering work on the client's side? All the same, php-slurm is using jQuery and won't work without JavaScript enabled on the client.

P.S. Thanks for the work. We are planning to move to Slurm from our self-made scheduling and resource management system. Screenshot of our old web-interface: http://alexbers.dyndns.org/cluster_img/cluster.png.

Best,
Alexander Bersenev, Russia, Institute of Mathematics and Mechanics, http://twitter.com/#!/alex_bers.
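An added illustration, not part of the forwarded message and not php-slurm's own code: a server-side check that bounds a `hostlist` parameter such as the one in the report before it is handed to the controller. The function name, both limits and the supported subset of hostlist syntax (comma-separated `name` or `prefix[a-b,c]` items) are assumptions made for this example.

```php
<?php
// Added example, not php-slurm code. Names and limits below are hypothetical.
const MAX_HOSTS = 4096;      // assumed cap on hosts a single request may name
const MAX_INPUT_LEN = 1024;  // assumed cap on the raw parameter length

/**
 * Returns how many hosts a hostlist expression names, or null when the
 * expression is malformed or names more than MAX_HOSTS hosts. The count is
 * computed arithmetically, so a huge range is rejected without allocating
 * anything per host.
 */
function hostlist_count_bounded(string $expr): ?int
{
    if ($expr === '' || strlen($expr) > MAX_INPUT_LEN) {
        return null;
    }
    // Whole-string grammar check. \d{1,9} keeps every bound inside a 32-bit
    // int; /D stops "$" from matching before a trailing newline.
    $range = '\d{1,9}(?:-\d{1,9})?';
    $item  = '[A-Za-z0-9_.-]+(?:\[' . $range . '(?:,' . $range . ')*\])?';
    if (!preg_match('/^' . $item . '(?:,' . $item . ')*$/D', $expr)) {
        return null;
    }
    // One match per item; group 1 holds the bracket contents when present.
    preg_match_all('/[A-Za-z0-9_.-]+(?:\[([^\]]*)\])?/', $expr, $items, PREG_SET_ORDER);
    $total = 0;
    foreach ($items as $match) {
        // A plain host name counts as one single-element "range".
        $ranges = isset($match[1]) ? explode(',', $match[1]) : ['0'];
        foreach ($ranges as $r) {
            $parts = explode('-', $r);
            $lo = (int) $parts[0];
            $hi = (int) ($parts[1] ?? $parts[0]);
            if ($hi < $lo) {
                return null;            // reversed range
            }
            $total += $hi - $lo + 1;
            if ($total > MAX_HOSTS) {
                return null;            // too large to pass to the controller
            }
        }
    }
    return $total;
}

// Constructed inputs: a normal query, an oversized range, a malformed value.
foreach (['umu[1-8,12]', 'umu[1-999999999]', 'umu[1-'] as $sample) {
    var_dump(hostlist_count_bounded($sample));
}
```

A caller would answer a `null` result with an HTTP 400 and never forward the raw parameter.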
