5

I'm setting up a website which would allow users to use certain select LaTeX commands to build a document. They would then be able to preview the document, which means I would:

  • parse the text file to make sure only the allowed commands are there
  • use PHP to send the user's text to the pdflatex command
  • display the outputted pdf to the user

How secure is this? Is there a better way of doing this?

  • 4
    Have a look at [How can I safely compile other people's LaTeX documents?](http://tex.stackexchange.com/q/10418/3335) at our sister site about TeX and LaTeX for the right TeX configurations to use. Parsing a file to make sure only white-listed commands are in there might limit your users too much (or give them some loopholes). – Paŭlo Ebermann Dec 24 '11 at 12:11

1 Answer

4

It's reasonably secure if you don't enable \write18. Of course you should use chroot and ulimit if you are running Unix. See here for the security of TeXLive 2011. And see here for the answer on TeX.SX.

Martin Schröder
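A wrapper along the lines the answer describes, as an added example that is not part of the original answer: it compiles one upload with `\write18` switched off and `ulimit` caps in a throwaway directory. The function name, the `LATEX_BIN` override, the file names and the limit values are assumptions; a chroot, which needs root, would wrap the call to this function.

```shell
#!/bin/sh
# Added example: function name, LATEX_BIN, file names and limit values are
# assumptions chosen for illustration, not taken from the page.

# compile_untrusted SRC.tex OUT.pdf
# Returns 0 and writes OUT.pdf only if the compiler succeeded and produced a PDF.
compile_untrusted() {
    src=$1
    out=$2
    latex=${LATEX_BIN:-pdflatex}       # overridable so the wrapper can be tested
    work=$(mktemp -d) || return 1      # private scratch directory per job
    cp -- "$src" "$work/doc.tex" || { rm -rf -- "$work"; return 1; }

    (
        cd "$work" || exit 1
        # Limits apply to this subshell and its children only. Setting one can
        # fail only when a tighter hard limit is already in force, so a
        # failure is ignored and the stricter existing limit stays.
        ulimit -t 10      2>/dev/null || :   # CPU seconds: stops endless loops
        ulimit -f 20480   2>/dev/null || :   # largest file the job may write (blocks)
        ulimit -v 1048576 2>/dev/null || :   # address space in KiB
        # -no-shell-escape disables \write18 entirely, whatever texmf.cnf says.
        # stdin is /dev/null so TeX can never wait for interactive input.
        "$latex" -no-shell-escape -interaction=nonstopmode -halt-on-error \
            doc.tex </dev/null >compile.log 2>&1
    )
    status=$?

    if [ "$status" -eq 0 ] && [ -s "$work/doc.pdf" ]; then
        cp -- "$work/doc.pdf" "$out" || status=1
    else
        [ "$status" -ne 0 ] || status=1      # exit 0 but no PDF is still a failure
    fi
    rm -rf -- "$work"                        # never keep job files around
    return "$status"
}

# Usage: compile_untrusted /path/to/upload.tex /path/to/preview.pdf
```

From PHP, call the script with the two paths passed as separately escaped arguments rather than interpolating user text into a command string.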