From: Short, Tom <TShort <at> epri.com>
Subject: Re: RPad and Security
Newsgroups: gmane.comp.lang.r.gui
Date: 2007-10-24 13:50:54 GMT
Iqbal,

I agree with Hadley. If you're concerned about security with Rpad or
with any server technology that allows you to remotely run R code, you
need to lock down your server (locking down R itself is almost
impossible). That means only giving the apache user access to files it
is supposed to access. To lock down servers even more, you can explore
running processes in chroot jails, something like OpenVZ, or even
full-blown VMware machines (I haven't found the need for any of these,
yet). Security systems like SELinux may also help restrict what the
remote user can do. You could also explore requiring usernames and
passwords to access your site (this is relatively easy with apache).

Data lockdown is another issue. Write access is relatively easy, because
you can handle that with file or database permissions. It is impossible
to restrict read access remotely if the Rpad page can access the same
data. If you need to shut out read access to data, then you need a
server-oriented system like Jeffrey Horner's rapache. 

- Tom

Tom Short
Electric Power Research Institute (EPRI)

-----Original Message-----
From: r-sig-gui-bounces <at> stat.math.ethz.ch
[mailto:r-sig-gui-bounces <at> stat.math.ethz.ch] On Behalf Of hadley wickham
Sent: Wednesday, October 24, 2007 09:30
To: Iqbal Jamal
Cc: r-sig-gui <at> stat.math.ethz.ch
Subject: Re: [R-gui] RPad and Security

It's difficult to provide much security from within R due to the extreme
difficulty of restricting potentially dangerous activities - and an
experienced R user can usually get around any arbitrary restrictions you
put in. A more general technique is to make sure that the user running
the rpad process has minimal security access (good practice anyway).

Hadley

On 10/23/07, Iqbal Jamal <iqbaljamal <at> shaw.ca> wrote:
> Greetings:
>
> I am looking at using Rpad but concerned about security and access to
> files on our server.
> Any suggestions/pointers/experiences from the list would be very
> helpful.
>
> Iqbal Jamal
>
>
> _______________________________________________
> R-SIG-GUI mailing list
> R-SIG-GUI <at> stat.math.ethz.ch
> https://stat.ethz.ch/mailman/listinfo/r-sig-gui
>

--
http://had.co.nz/

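
Added example, not part of the original messages or of Rpad: a small audit of the advice above that the web-server account should reach only the files it is supposed to. It walks a directory tree and reports every path the account can read or write outside an allowlist. The function names, the demo tree and the service uid are constructed for illustration; only classic owner/group/other mode bits are evaluated, so ACLs, SELinux policy and parent-directory traversal rights are not considered.

```python
import os
import stat
import tempfile

def access_for(st, uid, gids):
    """(can_read, can_write) for an account, from classic mode bits only."""
    if uid == 0:
        return True, True                      # root bypasses mode bits
    if st.st_uid == uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR      # owner class
    elif st.st_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP      # group class
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH      # everyone else
    return bool(st.st_mode & r), bool(st.st_mode & w)

def allowed(rel, prefixes):
    """True if rel is one of the allowlisted paths or lies beneath one."""
    return any(rel == p or rel.startswith(p + os.sep) for p in prefixes)

def audit(root, uid, gids, read_ok=(), write_ok=()):
    """Return sorted (relative path, 'read'|'write') pairs outside the allowlists."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                       # a symlink's own mode is not enforced
            rel = os.path.relpath(path, root)
            can_r, can_w = access_for(st, uid, gids)
            if can_r and not allowed(rel, read_ok):
                findings.append((rel, "read"))
            if can_w and not allowed(rel, write_ok):
                findings.append((rel, "write"))
    return sorted(findings)

def demo():
    """Constructed tree: public/ and scratch/ are the only intended paths."""
    root = tempfile.mkdtemp()
    tree = {"public": 0o755, "public/index.html": 0o644, "public/config.R": 0o666,
            "scratch": 0o777, "private": 0o711,
            "private/salaries.csv": 0o644, "private/keys.txt": 0o600}
    for rel, mode in tree.items():             # parents are listed before children
        path = os.path.join(root, rel)
        os.mkdir(path) if "." not in rel else open(path, "w").close()
        os.chmod(path, mode)
    svc_uid = os.geteuid() + 1                 # hypothetical service account, not the owner
    return audit(root, svc_uid, frozenset(), ("public", "scratch"), ("scratch",))

if __name__ == "__main__":
    print(demo())
```

On the constructed tree it flags `private/salaries.csv` as readable and `public/config.R` as writable by the service account; on a real server, pass the Apache account's uid and group ids and the directories it is meant to use.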