[plt-scheme] Is read safe for untrusted data?

From: Jepri (jepri at babylon.alphacomplex.org)
Date: Fri Aug 5 07:01:05 EDT 2005

Hi,
I've looked around a bit for an answer to this question but I think at 
some point I do need to ask the implementors.  Is the (read port) 
function ok for untrusted data?  Could I  make an internet server where 
I (read ) straight from the port, and then check the s-expressions I get 
from read?  I'm worried about unwanted code execution, overflows etc.  
The documentation implies that it should be ok to do this, but doesn't 
really say it outright.

I don't mind using read-char or something to clean the input first, I'd 
just like to avoid back dooring my server.

TIA,
Jeremy



Posted on the users mailing list.