[R] Accessing R applications from Web
hadley wickham
h.wickham at gmail.com
Thu Apr 19 18:43:52 CEST 2007
> I learned to do this by studying Alfredo Pontillo and Angelo Mineo's
> R-php (http://dssm.unipa.it/R-php). Specifically, look at the file
> pages/result/index.php. They have done lots of other good stuff in
> their project, like filtering dangerous commands - you would not want
> to let a user just type in any R code, because they could seriously
> damage your server.
This is incredibly hard to do with any programming language, and with
R in particular, as there are so many different ways of accessing a
function.

For example, try running the following on their demo site:

    a <- get(paste("sys", "tem", sep=""))
    a("ls /")

vs

    system <- 5
    print(system)

Not to mention the fact that the security check is only performed in
javascript, so could be trivially removed by turning off javascript or
performing the post directly.
Hadley
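
Added example, not part of the original post and not R-php's actual filter: a constructed deny-list check of the kind discussed, in two lexical variants, run over the two snippets from the message. The deny list and all function names here are assumptions made for illustration.

```javascript
// Constructed deny list; the real R-php list is not shown in the post.
const DENY = ["system", "unlink", "file.remove", "shell"];

// Variant 1: block if a denied name appears anywhere in the submitted text.
function substringCheck(src) {
  return DENY.filter((name) => src.includes(name));
}

// Variant 2: block only if a denied name appears as a whole R identifier
// outside string literals (a more careful lexical filter).
function identifierCheck(src) {
  const noStrings = src.replace(/"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'/g, '""');
  const idents = noStrings.match(/[A-Za-z.][A-Za-z0-9._]*/g) || [];
  return DENY.filter((name) => idents.includes(name));
}

// The two snippets from the message above.
const indirectCall = 'a <- get(paste("sys", "tem", sep=""))\na("ls /")';
const harmlessAssign = "system <- 5\nprint(system)";

// Verdict of each variant for one submission.
function evaluate(src) {
  return {
    substring: substringCheck(src).length === 0 ? "allowed" : "blocked",
    identifier: identifierCheck(src).length === 0 ? "allowed" : "blocked",
  };
}

console.log("indirect call:  ", evaluate(indirectCall));
console.log("harmless assign:", evaluate(harmlessAssign));
```

Both variants allow the first snippet, because the function name only exists once R evaluates paste(), and both block the second, which merely assigns to a variable. Whatever check is used also has to run on the server, since a check in the browser is never executed when the form is posted directly.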