README

MaximaPHP
---------

MaximaPHP is a web interface for accessing the Maxima computer algebra system
running on a server.


Release Notes
-------------

The third and current version is 0.1.2

April 2, 2007, 0.1.2 is out, an ALPHA release

If you find a bug please post it at:
https://sourceforge.net/tracker/?func=add&group_id=191602&atid=938040


General Notes
-------------

MaximaPHP is hosted at my-tool.com, with downloads and mailing list through 
sourceforge.net

webpage:        http://www.my-tool.com/mathematics/maximaphp/
show-case:      http://www.my-tool.com/maximaphp/
documentation:  http://maximaphp.sourceforge.net/doc/index.html
projectpage:    http://maximaphp.sourceforge.net

For a list of people who have helped work on this project please read the 
Authors file

MaximaPHP 0.1.2 is released under the GPL version 2, text is in
LICENSE


Feature Notes
-------------

MaximaPHP can currently do the following:
- send almost any command to the Maxima program on the server
  (including 'plot2d' and 'plot3d' to plot graphs)

- separate classes into three categories:
  * main classes to access Maxima
  * security classes to check the input
  * and viewer classes to take the input and show the output

- provide a Viewer Generator to generate new viewer classes


Security Notes
--------------

MaximaPHP currently implements several security measures to prevent users
from accidentally sending harmful commands to the server.

These include:
- wrapping the Maxima program with '_maxima_with_timeout_.pl', a Perl script
  that launches Maxima within a controlled timeout limit.
- wrapping the TtM program with '_ttm_with_timeout_.pl', a Perl script
  that launches TtM within a controlled timeout limit.
- a filter-out input blocker that blocks any commands considered
  unsecure.

The filter-out mechanism checks the input against a blacklist of unsecure
commands and rejects any input that matches. This mechanism does its job only
if we can guarantee that all unsecure commands are in the list. However, this
is a difficult task. We may fail to see that some commands are actually
unsecure, for many reasons.

A class called MPSFilterOut is responsible for checking the input and blocking
any commands that are considered unsecure.

The filter-out measures implemented are:
 - blocks unsecure Maxima keywords
 - blocks unsecure Maxima patterns
 - blocks unsecure Gnuplot keywords
 - blocks unsecure Gnuplot patterns

The keywords and patterns considered unsecure were obtained by checking
the documentation of Maxima 5.11.0 and Gnuplot 4.2.0.

NOTE: I cannot guarantee that all harmful keywords and patterns can be blocked. 
You may want to make sure by yourself that it is really secure by checking the
Maxima and Gnuplot documentation thoroughly.


Usage Notes
-----------

MaximaPHP currently has only a filter-out mechanism to block unsecure commands.
However, some unsecure commands may not be in the blacklist, and this may
be exploited to break the server.

I do not recommend using the current release of MaximaPHP on a production site.

If you insist on using MaximaPHP on a production site, I recommend that you take
additional security measures on the server side, such as:

- use a 'jailed' environment to run Maxima, Gnuplot and TtM.
  see http://olivier.sessink.nl/jailkit/


Viewer Notes
------------

The current release of MaximaPHP is bundled with the following viewers:
- Main viewer: to send arbitrary commands to Maxima
- Algebra
  * Simplify: to simplify any math expression
  * Expand: to expand any math expression
  * Factor: to factor any math expression
- Calculus
  * Integrate
  * Differentiate
- Matrices
  * Arithmetic: plus, minus, dot, divide, power
  * Properties: Determinant, Trace, Rank, Inverse
      Transpose, Adjoint, Triangular, Echelon
      Eigenvalues, Eigenvectors, Unit eigenvectors
      Similarity transform, Characteristic polynomial
- Cellular Automata: to generate and plot cellular automata
- Viewer Generator: to generate new viewer class


Todo List
---------

- regarding filter-out security, find a trusted way to guarantee that
  ALL unsecure keywords/patterns can be blocked
- regarding the viewer generator, improve its capabilities
- add new viewers
- add a new security measure that adopts a filter-in mechanism
  (allowing only known secure keywords/commands to be sent)
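
The filter-in measure from the last Todo item, as an added example (not
MaximaPHP's own code): a default-deny check that accepts input only when every
character and every identifier is on a list. The class name MPSFilterIn, its
check() method and the contents of both lists are assumptions.

```php
<?php
// Added example, not MaximaPHP code: class name, method and lists are hypothetical.
class MPSFilterIn
{
    // Assumed allowlist: Maxima names the bundled viewers would need.
    private $functions = array(
        'ratsimp', 'expand', 'factor', 'integrate', 'diff', 'matrix',
        'determinant', 'transpose', 'invert', 'rank', 'eigenvalues',
        'sin', 'cos', 'exp', 'log', 'sqrt', '%pi', '%e', '%i',
    );

    // Returns an array of rejection reasons; an empty array means accepted.
    public function check($input)
    {
        $reasons = array();

        // 1. Character allowlist. Quotes, '?', ':', ';', '$', '!' and
        //    backslashes are not in the set, so strings, assignments and
        //    extra statements cannot be expressed at all.
        if (preg_match_all('/[^A-Za-z0-9_%\s+\-*\/^()\[\],.=]/', $input, $m)) {
            $reasons[] = 'characters not allowed: ' . implode(' ', array_unique($m[0]));
        }

        // 2. Token allowlist. Every word must be an integer, a
        //    single-letter variable or a listed name. Everything else is
        //    denied by default, including names nobody thought to blacklist.
        preg_match_all('/[A-Za-z0-9_%]+/', $input, $m);
        foreach (array_unique($m[0]) as $token) {
            $known = ctype_digit($token)
                || preg_match('/^[a-z]$/', $token)
                || in_array($token, $this->functions, true);
            if (!$known) {
                $reasons[] = 'identifier not allowed: ' . $token;
            }
        }
        return $reasons;
    }
}

// Constructed sample inputs, not taken from the project.
$filter = new MPSFilterIn();
$samples = array('factor(x^2 - 1)', 'integrate(sin(x)^2, x)',
                 'unlisted_function(x)', 'expand("x")');
foreach ($samples as $cmd) {
    $reasons = $filter->check($cmd);
    echo $cmd, ' => ', $reasons ? 'REJECT (' . implode('; ', $reasons) . ')' : 'ACCEPT', "\n";
}
```

The check is deliberately conservative (for example, it rejects floats written
as 1e5); the caller appends the statement terminator itself so that each
request carries exactly one command.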


Thanks
------

Thanks to the whole Maxima development team on their mailing list
maxima@math.utexas.edu, who gave me nice support and discussion
regarding the development of MaximaPHP.
    
Thanks to EVERYONE who has provided ideas and input, without you,
MaximaPHP would be nothing.


---------------------------------------
if you have any questions please email
bowo prasetyo praNzOjp at gSmaPil dAMot com
(take NO SPAM for email address)


Documentation generated on Mon, 23 Apr 2007 13:00:27 +0900 by phpDocumentor 1.3.1