MaximaPHP is a web interface for accessing the Maxima computer algebra system on a server.
The first and current version is 0.1.0
March 26, 2007, 0.1.0 is out, an ALPHA release
If you find a bug please post it at:
MaximaPHP is hosted at my-tool.com, with downloads and mailing list through
For a list of people who have helped work on this project please read the
MaximaPHP 0.1.0 is released under the GPL version 2, text is in
MaximaPHP currently can do the following:
- send almost any command to the Maxima program on the server
  (including 'plot2d' and 'plot3d' to plot graphs)
- separate classes into three categories:
  - main classes to access Maxima
  - security classes to check the input
  - and viewer classes to take the input and show the output
- provide a Viewer Generator to generate new viewer classes
MaximaPHP currently implements several security measures to prevent users
from accidentally sending harmful commands to the server.
- wrap the Maxima program with 'maxima_with_timeout.pl', a Perl script that
  launches the Maxima program within a controlled timeout limit.
- wrap the TtM program with 'ttm_with_timeout.pl', a Perl script that
  launches the TtM program within a controlled timeout limit.
- filter out input blocker, that blocks any commands considered
The filter out mechanism checks the input against a blacklist of unsecure commands
and rejects any input that matches. This mechanism does its job only if we can guarantee
that all unsecure commands are in the list. However, this is a difficult task.
We may, for many reasons, fail to see that some command is actually unsecure.
A class called MPSFilterOut is responsible for checking the input and blocking any
commands that are considered unsecure.
The filter out measures implemented are
- blocks unsecure Maxima keywords
- blocks unsecure Maxima patterns
- blocks unsecure Gnuplot keywords
- blocks unsecure Gnuplot patterns
The keywords and patterns that are considered unsecure were obtained by checking
the documentation of Maxima 5.11.0 as well as Gnuplot 4.2.0.
NOTE: I cannot guarantee that all harmful keywords and patterns can be blocked.
You may want to make sure by yourself that it is really secure by checking the
Maxima and Gnuplot documentation thoroughly.
MaximaPHP currently has only a filter out mechanism to block unsecure commands.
However, some unsecure commands may not be in the blacklist, and this may
be exploited to break the server.
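The weakness described here and in the filter out paragraph above can be seen by running the same input through a blacklist check and an allowlist check. This is an added example, not MaximaPHP's MPSFilterOut code; both lists and the name 'unlisted_function' are constructed for illustration, and the allowlist is an alternative approach that MaximaPHP does not implement.

```php
<?php
// Added example, not part of MaximaPHP. Lists below are constructed samples.

// Extract identifier tokens; Maxima names are case-sensitive, so keep case.
function identifiers(string $input): array
{
    preg_match_all('/[A-Za-z_][A-Za-z0-9_]*/', $input, $m);
    return $m[0];
}

// Blacklist: reject only when a listed name appears. Anything the list
// author did not think of is accepted (fails open).
function blacklist_allows(string $input, array $blocked): bool
{
    foreach (identifiers($input) as $name) {
        if (in_array($name, $blocked, true)) {
            return false;
        }
    }
    return true;
}

// Allowlist: accept only when every name is listed and every character
// belongs to a deliberately narrow expression alphabet (fails closed).
function allowlist_allows(string $input, array $allowed): bool
{
    if (preg_match('~[^A-Za-z0-9_+\-*/^(),.\s]~', $input)) {
        return false;
    }
    foreach (identifiers($input) as $name) {
        if (!in_array($name, $allowed, true)) {
            return false;
        }
    }
    return true;
}

$blocked = ['system'];                                    // constructed blacklist
$allowed = ['x', 'y', 'sin', 'cos', 'expand', 'factor'];  // constructed allowlist
$samples = [
    'expand((x+y)^3)',       // ordinary math
    'system(x)',             // a name the blacklist knows about
    'unlisted_function(x)',  // hypothetical name missing from both lists
];
foreach ($samples as $s) {
    printf("%-24s blacklist=%-6s allowlist=%s\n", $s,
        blacklist_allows($s, $blocked) ? 'accept' : 'reject',
        allowlist_allows($s, $allowed) ? 'accept' : 'reject');
}
```

The allowlist also rejects legitimate input that uses names or characters outside its lists, so it has to be extended deliberately for each new viewer.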
I do not recommend that you use the current release of MaximaPHP on a production site.
If you insist on using MaximaPHP on a production site, I recommend that you take
additional security measures on the server side, such as:
The current release of MaximaPHP is bundled with the following viewers:
- Main viewer: to send arbitrary command to Maxima
- Simplify: to simplify any math expression
- Expand: to expand any math expression
- Factor: to factor any math expression
- Cellular Automata: to generate and plot cellular automata
- Viewer Generator: to generate new viewer class
Thanks to the whole Maxima development team on their mailing list
firstname.lastname@example.org, who gave me nice support and discussion
regarding the development of MaximaPHP.
Thanks to EVERYONE who has provided ideas and input, without you,
MaximaPHP would be nothing.
If you have any questions, please email
bowo prasetyo email@example.com