[racket] Limiting net-repl provided functions

From: Matthias Felleisen (matthias at ccs.neu.edu)
Date: Mon Jun 27 09:04:06 EDT 2011

Since the server translates the symbol from the wire into a function call, I think this should be straightforward. -- Matthias

On Jun 27, 2011, at 8:48 AM, Jukka Tuominen wrote:

> Hi,
> if I was to provide public NET-REPL servers (available at PLaneT), I wonder
> if there's an easy and secure way to limit the provided functions per
> server?
> Say, I have defined functions f1, f2, and f3, and would only like to provide
> them over a TCP connection, but nothing else. Not even the basic primitives
> (e.g. car, define, require, lambda...) or the net-repl service itself (to
> prevent someone else starting a new service). Another server could provide a
> different set of functions.
> The idea is to provide various Racket-powered Internet servers that could be
> utilized remotely. E.g. by calling (eval-in-server [server] [port] [proc]),
> you could operate on servers like...
> - read-only access to public Liitin objects that you can fetch and evaluate
> locally
> - unified Liitin unit to be used for multiprocessing or choose where
> processing makes most sense
> - external SW/HW control, e.g. an embedded device control (pour-coffee,
> water-temperature, water-left...)
> The basic client/server functionality is already working, but it's too big a
> security risk outside LAN use. It seems to be easier to add functionality
> than ripping them off. Perhaps creating a custom #%top definition to
> interfere with the default symbol lookup...?
> Any help appreciated!
> br, jukka
> |  J U K K A   T U O M I N E N
> |  m a n a g i n g   d i r e c t o r  M. A.
> |
> |  Finndesign  Kauppiaankatu 13, FI-00160 Helsinki, Finland
> |  mobile +358 50 5666290
> |  jukka.tuominen at finndesign.fi  www.finndesign.fi

Posted on the users mailing list.
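
The approach in the reply above (map the symbol read from the wire to a function call, with no `eval`), sketched as an added example that is not part of the original thread or of net-repl's code. The procedure bodies, `exported`, `dispatch` and `read-request` are hypothetical names; only the device procedure names come from the question.

```racket
#lang racket/base
;; Added example: allowlist dispatch without eval. All names are hypothetical.
(require racket/match)

;; Constructed stand-ins for the device procedures named in the question.
(define water-ml 500)
(define (water-left) water-ml)
(define (water-temperature) 92)
(define (pour-coffee ml)
  (unless (and (exact-nonnegative-integer? ml) (<= ml water-ml))
    (error 'pour-coffee "bad amount"))
  (set! water-ml (- water-ml ml))
  'ok)

;; The only symbols this server will translate into a call.
(define exported
  (hasheq 'water-left water-left
          'water-temperature water-temperature
          'pour-coffee pour-coffee))

;; Arguments must be plain literals; nested forms are never evaluated.
(define (literal? v)
  (or (exact-integer? v) (string? v) (boolean? v)))

;; request is the datum read from the wire, e.g. '(pour-coffee 200)
(define (dispatch request)
  (match request
    [(list (? symbol? name) (? literal? args) ...)
     (let ([proc (hash-ref exported name #f)])
       (cond
         [(not proc) '(error "unknown procedure")]
         [(not (procedure-arity-includes? proc (length args)))
          '(error "wrong argument count")]
         [else (with-handlers ([exn:fail? (lambda (e) '(error "call failed"))])
                 (list 'ok (apply proc args)))]))]
    [_ '(error "malformed request")]))

;; Read one datum from a string with reader extensions turned off.
(define (read-request str)
  (parameterize ([read-accept-reader #f] [read-accept-lang #f]
                 [read-accept-compiled #f])
    (with-handlers ([exn:fail:read? (lambda (e) #f)])
      (read (open-input-string str)))))

(module+ main
  (for ([line '("(water-left)" "(pour-coffee 200)" "(water-left)"
                "(car \"x\")" "(require racket/system)" "(pour-coffee)")])
    (printf "~a => ~s\n" line (dispatch (read-request line)))))
```

Because the datum is only looked up in `exported` and never passed to `eval`, primitives such as `car` or `require` are rejected as unknown or malformed rather than resolved in a namespace.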