Sanitize R requests from web users

We are creating a web form that will allow (trusted) users to enter their own R-queries. They will analyze statistics on the database.

Questions:

  • How dangerous is it in its basic form? I'm new to R, so what's the worst thing they could do? (Assuming the database connection is unprivileged).
  • Is there an easy way to sanitize the input to eliminate the biggest risks?
  • Can the raw data be sanitized to the point where we could open it up to the public? For example, we could not risk DOS attacks.
+3


1 answer


Aggregation of comments above, plus messages from the mailing list thread pointed to by Josh O'Brien.



  • Very. An unsecured R request can do whatever its process can do with the system() function.
  • From the list, grepping requests for "system" and "eval" is useful (but can be easily bypassed by experienced R programmers). sandboxR takes this even further by adding additional security. But the experts on the list claim they can easily get around even that.
  • It looks like no. Perhaps this could be done with whitelisting (i.e., provide a list of features that are approved and block everything else).
+1
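
One way to implement the whitelisting idea from the answer, as an added example that is not from the answer or the mailing-list thread: parse the submitted text, reject any symbol outside an allowlist, and evaluate in an environment that holds only the allowlisted functions. `ALLOWED_FUNS`, `disallowed_names`, `run_restricted` and the sample data are hypothetical names, and the allowlist is a constructed sample, not a vetted safe set.

```r
# Constructed sample allowlist (assumption): arithmetic plus a few
# summary statistics from base and stats.
ALLOWED_FUNS <- c("(", "+", "-", "*", "/", "c", "mean", "median", "sd",
                  "sum", "length", "quantile")

# Return every symbol in `src` that is not allowlisted. all.names() reports
# function names and variable names alike; string and numeric constants
# are not symbols, so matching on text content is never relied upon.
disallowed_names <- function(src, allowed_vars) {
  exprs <- parse(text = src, keep.source = FALSE)
  used <- as.character(unlist(lapply(exprs, all.names)))
  setdiff(unique(used), c(ALLOWED_FUNS, allowed_vars))
}

# Check first, then evaluate with no access to the global or base
# environments: the parent of `env` is the empty environment.
run_restricted <- function(src, data) {
  bad <- disallowed_names(src, names(data))
  if (length(bad) > 0) {
    stop("rejected, names not on the allowlist: ",
         paste(bad, collapse = ", "))
  }
  env <- new.env(parent = emptyenv())
  for (f in ALLOWED_FUNS) {
    fun <- get(f, envir = asNamespace("stats"), mode = "function")
    assign(f, fun, envir = env)
  }
  list2env(data, envir = env)
  result <- NULL
  for (e in parse(text = src, keep.source = FALSE)) {
    result <- eval(e, env)
  }
  result
}

# Constructed sample data and requests.
sample_data <- list(x = c(2, 4, 4, 10))
requests <- c("mean(x) + sd(x)",           # only allowlisted names
              "system('uptime')",          # direct call, not allowlisted
              "do.call('mean', list(x))")  # indirection is not allowlisted
for (q in requests) {
  out <- tryCatch(format(run_restricted(q, sample_data)),
                  error = function(e) conditionMessage(e))
  cat(q, "=>", out, "\n")
}
```

This limits which functions a request can name; it does not limit CPU time or memory, so it does not answer the denial-of-service part of the question.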

