dmarx / dispatchr

Run R scripts from the command line in a persisted environment.

Add authentication #3

Open dmarx opened 7 years ago

dmarx commented 7 years ago

I'm not a security expert, but I'm pretty sure this application runs the risk of enabling remote code execution. It will only execute code via source(), so any malicious code would need to be written to the server, and the dispatchr server would need to have read access on that location. It seems unlikely that this is actually a vulnerability, but I feel like it's probably a good idea to be concerned.

A simple way to add a little more safety would be to add user authentication. This wouldn't necessarily need to be required, but it should at least be an option. So something like:

Rscript dispatchr-authenticato.r -u userName -p passWord
Rscript dispatch.r do/some/thing.r arg0
Rscript dispatch.r do/some/thingelse.r arg1
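The comment above reasons that a payload must first be written somewhere the dispatchr server can read. As an added example (not part of this thread and not dispatchr's own code), one way to narrow that surface is to resolve every requested script against a single trusted directory before calling source(); `safe_script_path()` and the temporary scripts directory are hypothetical names, and the sample files are constructed.

```r
# Added example: confine source() to one trusted directory.
# safe_script_path() is a hypothetical helper, not part of dispatchr.
safe_script_path <- function(requested, allowed_root) {
  root <- normalizePath(allowed_root, winslash = "/", mustWork = TRUE)
  # Resolve relative to the root. normalizePath() collapses ".." and symlinks
  # and raises an error when the file does not exist.
  full <- normalizePath(file.path(root, requested), winslash = "/",
                        mustWork = TRUE)
  if (!startsWith(full, paste0(root, "/")))
    stop("path escapes the allowed root", call. = FALSE)
  if (!utils::file_test("-f", full) || !grepl("\\.[rR]$", full))
    stop("not a regular .r file", call. = FALSE)
  # Unix only: refuse scripts that group or others can write
  # (permission bits 022 octal = 18 decimal).
  if (.Platform$OS.type == "unix" &&
      bitwAnd(as.integer(file.mode(full)), 18L) != 0L)
    stop("script is group- or world-writable", call. = FALSE)
  full
}

# Constructed sample layout: one script inside the root, one outside it.
root <- file.path(tempdir(), "scripts")
dir.create(root, showWarnings = FALSE)
writeLines('cat("hello from job.r\\n")', file.path(root, "job.r"))
Sys.chmod(file.path(root, "job.r"), "0644")
writeLines('cat("outside the root\\n")', file.path(tempdir(), "outside.r"))

# Only a request that resolves inside the root reaches source().
for (req in c("job.r", "../outside.r", "missing.r")) {
  res <- tryCatch({
    source(safe_script_path(req, root))
    "ran"
  }, error = function(e) paste("refused:", conditionMessage(e)))
  cat(sprintf("%-16s %s\n", req, res))
}
```

A check like this complements authentication rather than replacing it: it limits which files an authenticated or unauthenticated caller can have the server source.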

dmarx commented 7 years ago

Andy suggested I consider using Rserve because it offers authentication out of the box. Looks viable: