MaximaPHP is a web interface for accessing the Maxima computer algebra system on a server.
The third and current version is 0.1.2.
April 2, 2007: 0.1.2 is out, an ALPHA release.
If you find a bug please post it at:
MaximaPHP is hosted at my-tool.com, with downloads and mailing list through
For a list of people who have helped work on this project please read the
MaximaPHP 0.1.2 is released under the GPL version 2, text is in
MaximaPHP currently can do the following:
- send almost any command to the Maxima program on the server
  (including 'plot2d' and 'plot3d' to plot graphs)
- separate classes into three categories:
  * main classes to access Maxima
  * security classes to check the input
  * and viewer classes to take the input and show the output
- provide a Viewer Generator to generate new viewer classes
MaximaPHP currently implements several security measures to prevent users
from accidentally sending harmful commands to the server.
- wrap the Maxima program with '_maxima_with_timeout_.pl', a Perl script that
  launches the Maxima program within a controlled timeout limit.
- wrap the TtM program with '_ttm_with_timeout_.pl', a Perl script that
  launches the TtM program within a controlled timeout limit.
- filter out input blocker, that blocks any commands considered
The filter-out mechanism checks the input against a blacklist of unsecure
commands and rejects any that match. This mechanism will do its job if we can
guarantee that all unsecure commands are in the list. However, this is a
difficult task. We may fail to see that some commands are actually unsecure,
for many reasons.
A class called MPSFilterOut is responsible for checking the input and blocking
any commands that are considered unsecure.
The filter-out measures implemented are:
- blocks unsecure Maxima keywords
- blocks unsecure Maxima patterns
- blocks unsecure Gnuplot keywords
- blocks unsecure Gnuplot patterns
The keywords and patterns considered unsecure were obtained by checking
the documentation of Maxima 5.11.0 as well as Gnuplot 4.2.0.
NOTE: I cannot guarantee that all harmful keywords and patterns can be blocked.
You may want to make sure by yourself that it is really secure by checking the
Maxima and Gnuplot documentation thoroughly.
MaximaPHP currently has only a filter-out mechanism to block unsecure commands.
However, some unsecure commands may not be in the blacklist, and this may
be exploited to break the server.
I do not recommend that you use the current release of MaximaPHP on a production site.
If you insist on using MaximaPHP on a production site, I recommend that you take
additional security measures on the server side, such as:
- use a 'jailed' environment to run Maxima, Gnuplot and TtM.
The current release of MaximaPHP is bundled with the following viewers:
- Main viewer: to send arbitrary command to Maxima
* Simplify: to simplify any math expression
* Expand: to expand any math expression
* Factor: to factor any math expression
* Arithmetic: plus, minus, dot, divide, power
* Properties: Determinant, Trace, Rank, Inverse
Transpose, Adjoint, Triangular, Echelon
Eigenvalues, Eigenvectors, Unit eigenvectors
Similarity transform, Characteristic polynomial
- Cellular Automata: to generate and plot cellular automata
- Viewer Generator: to generate new viewer class
- regarding filter-out security, find a trusted way to guarantee that
  ALL unsecure keywords/patterns can be blocked
- regarding the viewer generator, improve its capability
- add new viewers
- add a new security measure that adopts a filter-in mechanism
  (one that allows only known secure keywords/commands to be sent)
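
The filter-in idea from the last item above, which addresses the blacklist weakness described earlier, sketched as an added PHP example (not MaximaPHP's own code): every identifier in the input must appear on an allowlist, and any character outside a small permitted set is rejected. The function name filter_in_check, both allowlists and the sample inputs are constructed for illustration.

```php
<?php
// Added example: filter-in (allowlist) check for one Maxima expression.
// Both lists are constructed samples, not MaximaPHP's own configuration.
const ALLOWED_FUNCTIONS = ['expand', 'factor', 'ratsimp', 'diff', 'integrate', 'sin', 'cos', 'sqrt'];
const ALLOWED_SYMBOLS   = ['x', 'y', 'z', '%pi', '%e', '%i'];

// Returns a list of rejection reasons; an empty list means the input passed.
function filter_in_check(string $input): array
{
    if (strlen($input) > 500) {
        return ['input too long'];
    }
    $expr = preg_replace('/\s*;$/', '', trim($input)); // one trailing ';' is fine
    if ($expr === '') {
        return ['empty input'];
    }
    // A token is a number, an identifier, or one permitted operator/delimiter.
    // Quotes, ':', '?', '$', '\', a second ';' and anything else fail to match.
    $token = '/\s*(?:(?<num>\d+(?:\.\d+)?)|(?<id>[A-Za-z%_][A-Za-z0-9%_]*)|(?<op>[-+*\/^(),\[\]=]))/A';
    $errors = [];
    $pos = 0;
    while ($pos < strlen($expr)) {
        if (!preg_match($token, $expr, $m, 0, $pos)) {
            $errors[] = "character not permitted at offset $pos";
            break;
        }
        $pos += strlen($m[0]);
        $id = $m['id'] ?? '';
        if ($id === '') {
            continue; // numbers and operators need no name check
        }
        // An identifier directly followed by '(' is a call; otherwise a symbol.
        $isCall = preg_match('/\s*\(/A', $expr, $unused, 0, $pos) === 1;
        if (!in_array($id, $isCall ? ALLOWED_FUNCTIONS : ALLOWED_SYMBOLS, true)) {
            $errors[] = ($isCall ? 'function' : 'symbol') . " not on allowlist: $id";
        }
    }
    return $errors;
}
// Constructed sample inputs.
$samples = [
    'expand((x+1)^3);',
    'some_unlisted_function(x)', // hypothetical name: unknown, so rejected
    'diff(x^2, x); factor(y)',   // second statement after ';' is rejected
    'f : expand',                // assignment and bare function name
];
foreach ($samples as $s) {
    $e = filter_in_check($s);
    printf("%-28s %s\n", $s, $e ? 'REJECT: ' . implode('; ', $e) : 'ok');
}
```

The check constrains names and characters only and does not validate Maxima syntax, so it complements the timeout wrappers and a jailed environment rather than replacing them.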
Thanks to the whole Maxima development team on their mailing list
firstname.lastname@example.org, who gave me nice support and discussion
regarding the development of MaximaPHP.
Thanks to EVERYONE who has provided ideas and input, without you,
MaximaPHP would be nothing.
If you have any questions, please email
bowo prasetyo praNzOjp at gSmaPil dAMot com
(take NO SPAM out of the email address)