Security Issues When Dynamically Linking Latex to a Web Server

Question

Security Issues When Dynamically Linking Latex to a Web Server

I am creating a website that will allow users to use certain latex selection commands to create a document. Then they will be able to view the document, which means that I:

parse the text file to make sure that there are only valid commands.
use PHP to send custom text to the pdflatex
displays output pdf file to user

How safe is it? Is there a better way to do this?

+4

php pdf pdflatex latex

n0pe Dec 24 '11 at 5:46

source share

1 answer

Martin schröder · Accepted Answer · 2011-12-24T11:31:04+0000

This is safe if you did not \write18 . Of course you should use chroot and ulimit if you are using Unix. See here for TeXLive 2011 security. And look here for an answer on TeX.SX.

Security Issues When Dynamically Linking Latex to a Web Server

More articles: