[NTG-context] Invoking ConTeXt from inside php web appliction
Henning Hraban Ramm
texml at fiee.net
Sat Jul 9 22:56:24 CEST 2016
Am 2016-07-09 um 17:45 schrieb Pavneet Arora <pavneet_arora at waroc.com>:
> Sorry that this has taken me so long. The report card application has
> been deployed, and although I am still going through and resolving minor
> bugs, it is very much in use (350 students leaving on Tu who already have
> their foundation work marked and commented within the system; output via
Nice to hear about your success!
In my case, my customer, a publisher of several special interest magazines, uploads lists of customers and their ad bookings into my web app and gets nicely TeXed voucher shipping documents.
> Anyway, I have updated the Wiki, but am unsure if I missed anything. So
> can everyone have a look and let me know:
I’m quite sure it’s a bad idea to install ConTeXt (or anything like that) in a public, i.e. web-accessible, directory!
Even if I can’t imagine an attack via accessing files from the ConTeXt tree, experienced attackers might.
I don’t use PHP any more, but I’m quite sure there’s a better way.
I run ConTeXt from a Django (Python) web app behind Nginx, and there only static files (i.e. images, CSS etc.) are directly accessible, and I can call a system-wide installed ConTeXt owned by root (i.e. nobody else can change it).
GPG Key ID 1C9B22FD
More information about the ntg-context