[plt-scheme] eval when reading?

From: Noel Welsh (noelwelsh at yahoo.com)
Date: Fri Sep 8 02:49:04 EDT 2006

There isn't, and MzScheme allows fine grained control over
what you allow evaled code to do.  There are two main
mechanisms:

  - you can eval code in a custom namespace containing only
those functions you allow

  - you can use various security managers to disable file
and network access.

In addition to the MzScheme docs, see:

http://schemecookbook.org/Cookbook/DynamicEvalCustomNamespace

http://schemecookbook.org/Cookbook/DynamicUntrustedEval

HTH,
Noel

--- Paul Graham <pg at ycombinator.com> wrote:

> Is there anything in mzscheme like the #. of CL, which
> causes
> its arg to be evaluated when encountered by read?
> 
> I'm asking mainly because I'm hoping if there is, it's
> turned
> off by default, because I'm planning to call read on
> user-submitted
> input in a web app, and I don't want this to be a
> security hole.
> 
> Thanks!  --pg
> _________________________________________________
>   For list-related administrative tasks:
>   http://list.cs.brown.edu/mailman/listinfo/plt-scheme
> 


Email: noelwelsh <at> yahoo <dot> com   noel <at> untyped <dot> com
AIM: noelhwelsh
Blogs: http://monospaced.blogspot.com/  http://www.untyped.com/untyping/

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


Posted on the users mailing list.