And this "festival --server" is a very unsafe solution due to the design of festival server mode.
Any other local user will only need to use the command:
> telnet localhost 1314
> (system "ls")
Basically you are opening a user shell to anyone with access to localhost. This:
- Gives access to your shell to any other local user (which is dangerous if there are other users in your computer)
We need a better alternative to this "festival --server" solution. Festival was designed with speech synthesis research purposes in mind, not as a user robust TTS system.
And this "festival --server" is a very unsafe solution due to the design of festival server mode.
Any other local user will only need to use the command:
> telnet localhost 1314
> (system "ls")
Basically you are opening a user shell to anyone with access to localhost. This:
- Gives access to your shell to any other local user (which is dangerous if there are other users in your computer)
- Gives access to your shell to any malicious website you visit that uses a DNS rebinding attack (dangerous, unless you don't visit websites or you disable javascript).See https:/ /security. stackexchange. com/questions/ 147175/ is-http- to-localhost- safe
We need a better alternative to this "festival --server" solution. Festival was designed with speech synthesis research purposes in mind, not as a user robust TTS system.