> I am concerned about security of php-slurm. There are many input
> arguments unfiltered and that is a potential vulnerability. For example, the
> url http://site/slurm/nodes.php?hostlist=umu[1-<big number>] will eat
> memory and cpu of the controller host.

The sample php code is supposed to be used either internally amongst a closed and trusted group of users (perhaps behind a .htaccess or on a private network for sysadmins). We were hoping that others would take it as a base and improve on the first implementation. But yes, I do agree that more work could be done with filtering the input and not trusting the user to put the correct thing in.

> I also caught "Unable to contact slurm controller (connect
> failure)" and "Invalid argument supplied for foreach() in
> /usr/share/php-slurm/includes/functions.php on line 336" errors
> while trying various bad parameters.

Perhaps Peter could shed some light on this issue.

> Isn't it better to use give-all queries without parameters and make
> all filtering work on client's side?

This is done this way so that we would have the possibility of not passing too much data to the client.

> All the same, Php-slurm is using jquery and won't work without
> javascript enabled on client.

We could re-implement some of the front-facing php code to not use jquery, patches are welcome :)

> P.S. thanks for the work. We are planning to move to Slurm from our
> self-made scheduling and resource management system. Screenshot of our
> old web-interface: http://alexbers.dyndns.org/cluster_img/cluster.png.

Excellent, slurm is a great resource manager, we've been using it for a few years now after migrating from torque/pbs.

Also, would you mind if I forward these few emails to the slurm-devel list? Could we keep the discussion on the slurm-devel list?

Thanks,
Jimmy.

> Best,
>
> Alexander Bersenev, Russia, Institute of Mathematics and Mechanics,
> http://twitter.com/#!/alex_bers.

--
Jimmy Tang
Trinity Centre for High Performance Computing,
Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
http://www.tchpc.tcd.ie/
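
An added example, not part of the original thread and not php-slurm's own code: one way to bound a `hostlist` query parameter like the one in the URL above before it is handed to the Slurm controller. The function name, the two limits and the simplified `prefix[ranges]` grammar are assumptions made for illustration.

```php
<?php
// Hypothetical limits, chosen for illustration; tune for the cluster size.
const MAX_HOSTLIST_LEN = 256;   // bytes accepted from the query string
const MAX_HOSTS        = 1024;  // hosts a single request may name

/**
 * Count the hosts a hostlist expression such as "umu[1-4,7],login1" names,
 * without expanding it. Returns the count, or false when the expression is
 * malformed or exceeds the limits above.
 */
function hostlist_count_bounded($expr)
{
    if (!is_string($expr) || $expr === '' || strlen($expr) > MAX_HOSTLIST_LEN) {
        return false;
    }
    // Split on commas that are not inside [...], then validate each item.
    $items = preg_split('/,(?![^\[\]]*\])/', $expr);
    $total = 0;
    foreach ($items as $item) {
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_-]*(?:\[([0-9,\-]+)\])?$/D', $item, $m)) {
            return false;
        }
        if (!isset($m[1])) {            // plain host name, no bracket part
            $total += 1;
        } else {
            foreach (explode(',', $m[1]) as $range) {
                // Each piece is "N" or "LO-HI"; at most 9 digits per number.
                if (!preg_match('/^(\d{1,9})(?:-(\d{1,9}))?$/D', $range, $r)) {
                    return false;
                }
                $lo = (int)$r[1];
                $hi = isset($r[2]) ? (int)$r[2] : $lo;
                if ($hi < $lo) {
                    return false;
                }
                $total += $hi - $lo + 1;
            }
        }
        if ($total > MAX_HOSTS) {       // reject before anything is expanded
            return false;
        }
    }
    return $total;
}

// Constructed inputs: the second mirrors the oversized range from the thread.
foreach (array('umu[1-4,7],login1', 'umu[1-999999999]', 'umu[1-4];x') as $in) {
    var_dump(hostlist_count_bounded($in));
}
```

A page would call this on `$_GET['hostlist']` and return an error response when it yields `false`, so the size of the request is known from arithmetic alone before any query is made.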
