Hi there,
  for my own personal use, I've been thinking on building a web interface to
POV-Ray.  It would feature a basic Editor, basic CVS and ability to render the
povray source and keep images.  If password protected, this whole thing is
simple.

  However, I am interested in opening this thing to the world to let anyone use
it.  I remember from long ago there were a few sparks about execution of files,
and inclusion of files which led to the creation of system-wide and user
permissions for these...  but there is still the ability to write and other
like that...

  What I'm asking is:  Is it possible to disable ALL potential abuse and misuse
features in povray for a user just by compiling or configuring it specially?

  If not, then my question is a bit more general:  When parsing a user script
(after dealing with encoding tricks and encapsulation tricks and so on) what
are the things i should look for?  My policy would be to reject a file
completely the moment something unusual is found (such as different encoding
inside the text, etc) and flag this user's account (so i can monitor him more
closely and possibly use his malice to my advantage, by learning from it).

Anybody know of a simple (config? patch?) solution?  Or anybody cares to inform
me of some details concerning the difficult solution?

Thanks a lot in advance! =)
  Simon

Post a reply to this message