If your untrusted S-expressions are expected to be pure functions from some input to some output, then you can use the existing Java sandboxing features[1] to execute/read/whatever them in threads that are locked down tight. Then sanitize the output (which should be raw data), and you're done.

That's what I think, at least.

[1]: http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html

On Wed, Oct 22, 2008 at 10:30 AM, Brett Morgan <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I am thinking about a potential architecture for a webapp wherein the
> server gets s-expressions posted from an Ajax web client.
>
> From a security standpoint, the s-expressions are coming from an untrusted
> computer, and thus are in need of careful vetting.
>
> With my Java dev hat on, I'd move forward by building a lexer, a parser, and
> a tree walker to interpret the incoming datastream, with careful
> consideration to the various potential attacks a malicious user can submit.
>
> I understand the Lisp way is to use the reader plus macros to interpret the
> incoming data stream. This is hella cool in that it seriously cuts down on
> the amount of development work I have to do. The reader is already done, and
> using macros to build the tree walker? And have them applied to an STM core?
> Very lightweight in comparison to what I'd do traditionally. Very cool.
>
> My concern is, what are the security considerations of this architectural
> choice? Do I have to worry about people submitting malformed s-expressions?
> Submitting s-expressions that contain data that expands out reader macros?
> Do I have to watch for any particular bad code practices in constructing the
> macros? How do I go about error recovery and reporting on bad input?
>
> Thanks in advance.
>
> --
>
> Brett Morgan http://brett.morgan.googlepages.com/

--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
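As an added example (mine, not code from Christian or Brett), here is the "reader for syntax only, pure data in and out" approach in Clojure: the untrusted text is parsed with clojure.edn (which has no `#=` read-eval dispatch and postdates this 2008 thread), then walked with an explicit whitelist of operations instead of being passed to eval, with input size and nesting bounded and errors returned as plain data. The namespace, the `allowed-ops` table and the two limits are my assumptions.

```clojure
(ns untrusted.sexpr
  (:require [clojure.edn :as edn]))

;; Whitelist: symbol allowed in the input -> host function (assumed set).
;; Anything not listed here is rejected, so the interpreter stays a pure
;; function from input data to output data and never touches eval.
(def allowed-ops
  {'+ +, '- -, '* *, 'max max, 'min min, 'str str})

(def max-len 4096)  ; assumed bound on request size, checked before reading
(def max-depth 32)  ; assumed bound on nesting, checked while walking

(defn read-untrusted
  "Parse one form from untrusted text. clojure.edn has no #= dispatch, so
  data cannot run code at read time; size is capped before the reader
  recurses on nested parentheses."
  [s]
  (when (> (count s) max-len)
    (throw (ex-info "input too large" {:len (count s)})))
  (try
    (edn/read-string s)
    (catch RuntimeException e
      (throw (ex-info "malformed input" {:reason (.getMessage e)})))))

(defn interpret
  "Tree walker over the read data with an explicit whitelist, not eval."
  ([form] (interpret form 0))
  ([form depth]
   (when (> depth max-depth)
     (throw (ex-info "nesting too deep" {:depth depth})))
   (cond
     (or (number? form) (string? form)) form
     (seq? form)
     (let [[op & args] form
           f (get allowed-ops op)]
       (when-not f
         (throw (ex-info "operation not allowed" {:op (str op)})))
       (apply f (map #(interpret % (inc depth)) args)))
     :else (throw (ex-info "unsupported form" {:form (pr-str form)})))))

(defn handle-request
  "Returns {:ok result} or {:error msg :data details}: plain data, so the
  error reporting surface towards the client is bounded and structured."
  [text]
  (try
    {:ok (interpret (read-untrusted text))}
    (catch clojure.lang.ExceptionInfo e
      {:error (.getMessage e) :data (ex-data e)})
    (catch Exception _
      {:error "evaluation failed"})))
```

With this in place, `(handle-request "(+ 1 (* 2 3))")` is interpreted, while any form whose head is not in `allowed-ops`, or that uses a reader dispatch such as `#=`, is reported back as bad input rather than executed.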