Rostislav Svoboda <[email protected]> writes: >> Simply don't `eval` code/data from sources you don't trust. > > In a client-server architecture the thing I (i.e. the server) don't > trust is the client... and I'm not sure if I can ignore him just like > that :)
Not evaluating everything a client sends you doesn't mean ignoring him. As other's already mentioned, you can read data he sends you, but you shouldn't eval it, i.e., you should bind *read-eval* to false when reading data from unknown sources. Bye, Tassilo -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to [email protected] Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/clojure?hl=en
