webMathematica™ Wolfram - Wolfram Research

webMathematica User Guide 161An example of MSPSessionVariable is shown in Session.jsp.SecuritywebMathematica security can be divided into two parts. First, there is security concerned withgeneral web server security. Secondly, there is security concerned with the use of Mathematicalanguage programs inside a web server.Server SecuritywebMathematica is based on standard web server technology: Java Servlet and JavaServerPages (JSPs). Typically, it runs in a server called a servlet container such as Apache Tomcat.This greatly facilities security issues, because these technologies already have many welldocumentedand well-understood security features.The Apache Tomcat wiki site, http://wiki.apache.org/tomcat/FAQ/Security, states "There havebeen no public cases of damage done to a company, organization, or individual due to a Tomcatsecurity issue." Many other servlet containers have similar security records.To decide how much security to add to your server, start by checking the security policy of yourorganization. You can then decide whether you want to add features such as restricting serveraccess to users within your organization, locating the server in some special network, setting upauthentication, and using HTTPS for communication.These security features, and many others, are all well supported for many types of servers.Remember that some of these solutions, such as restricting access, might not be available to allwebMathematica licenses.Mathematica Program SecurityMathematica is a general programming language with many features and tools for interactingwith the computer on which it runs. For example, it can add, delete, and modify files as well aslaunch and run programs. Since webMathematica executes Mathematica programs on theserver, this means there are security implications. It is necessary to prevent unintended executionof Mathematica code.