[racket] Limiting net-repl provided functions

From: Jukka Tuominen (jukka.tuominen at finndesign.fi)
Date: Mon Jun 27 08:48:43 EDT 2011


if I was to provide public NET-REPL servers (available at PLaneT), I wonder
if there's an easy and secure way to limit the provided functions per

Say, I have defined functions f1, f2, and f3, and would only like to provide
them over a TCP connection, but nothing else. Not even the basic primitives
(e.g. car, define, require, lambda...) or the net-repl service itself (to
prevent someone else starting a new service). Another server could provide a
different set of functions.

The idea is to provide various Racket-powered Internet servers that could be
utilized remotely. E.g. by calling (eval-in-server [server] [port] [proc]),
you could operate on servers like...
- read-only access to public Liitin objects that you can fetch and evaluate
- unified Liitin unit to be used for multiprocessing or choose where
processing makes most sense
- external SW/HW control, e.g. an embedded device control (pour-coffee,
water-temperature, water-left...)

The basic client/server functionality is already working, but it's too big a
security risk outside LAN use. It seems to be easier to add functionality
than ripping them off. Perhaps creating a custom #%top definition to
interfere with the default symbol lookup...?

Any help appreciated!

br, jukka

|  J U K K A   T U O M I N E N
|  m a n a g i n g   d i r e c t o r  M. A.
|  Finndesign  Kauppiaankatu 13, FI-00160 Helsinki, Finland
|  mobile +358 50 5666290
|  jukka.tuominen at finndesign.fi  www.finndesign.fi

Posted on the users mailing list.