Investigate security issues #6

Open
aaron97neu opened this issue Nov 9, 2018 · 0 comments
Labels
bug Something isn't working

Comments

@aaron97neu
Member

Allowing random users to execute code on your server should be met with pretty heavy skepticism from a security perspective in most cases. Not only is that being done here, but the user has unlimited access to all default Python libraries (including those that allow interaction with file system and os), and in the case of ibnkhaldun, potentially with root access. This is incredibly dangerous if we wish to run a publicly accessible server.

This will likely spawn sub issues as we identify specific security issues.
Potential fixes:

  • Do not allow users to call internal functions
  • Restrict available libraries to only those necessary
  • Run code client-side (is there a JS library for this? Is this feasible?)
@aaron97neu aaron97neu added the bug Something isn't working label Nov 9, 2018
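
One way to approach the "restrict available libraries" and "do not allow users to call internal functions" items in the issue, as an added example that is not the project's code: a static check run on submitted source before it is executed. The allowlist, the blocked-name set and the function name are assumptions. The check narrows what user code can reference and sits in front of, not in place of, running the interpreter as an unprivileged, isolated process.

```python
import ast

# Assumption: modules user code legitimately needs (not taken from the project).
ALLOWED_MODULES = {"math", "random", "statistics"}
# Builtins that reach the interpreter, file system or import machinery.
BLOCKED_NAMES = {"eval", "exec", "compile", "open", "__import__", "input",
                 "getattr", "setattr", "delattr", "globals", "locals", "vars",
                 "breakpoint"}

# Constructed sample submissions.
SAMPLE_OK = "import math\nprint(math.sqrt(2))\n"
SAMPLE_BAD = "import os\nprint(os.listdir('/'))\nf = open('x')\n"


def find_violations(source):
    """Return sorted (line, reason) pairs for constructs the policy rejects."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "syntax error")]
    violations = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] not in ALLOWED_MODULES:
                    violations.append((node.lineno, f"import of {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            # Relative imports (level > 0) would reach the server's own packages.
            if node.level or root not in ALLOWED_MODULES:
                violations.append((node.lineno, f"import from {node.module or '.'}"))
        elif isinstance(node, ast.Name):
            # Dunder names such as __builtins__ expose interpreter internals.
            if node.id in BLOCKED_NAMES or node.id.startswith("__"):
                violations.append((node.lineno, f"use of {node.id}"))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            # Private and dunder attributes are treated as internal.
            violations.append((node.lineno, f"access to attribute {node.attr}"))
    return sorted(violations)


if __name__ == "__main__":
    for label, src in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, find_violations(src))
```

Submissions with a non-empty result are rejected before any execution step.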