[racket] Limiting net-repl provided functions

From: Jukka Tuominen (jukka.tuominen at finndesign.fi)
Date: Mon Jun 27 09:42:38 EDT 2011

Haa, so you know Matthias but won't tell!? :)

The problem is not to make it work (since it works already), but to restrict
what it provided over TCP.

br, jukka


> -----Original Message-----
> From: Matthias Felleisen [mailto:matthias at ccs.neu.edu]
> Sent: 27 June 2011 16:04
> To: Jukka Tuominen
> Cc: users at racket-lang.org
> Subject: Re: [racket] Limiting net-repl provided functions
>
>
>
> Since the server translates the symbol from the wire into a
> function call, I think this should be straightforward. -- Matthias
>
>
> On Jun 27, 2011, at 8:48 AM, Jukka Tuominen wrote:
>
> >
> > Hi,
> >
> > if I was to provide public NET-REPL servers (available at
> PLaneT), I wonder
> > if there's an easy and secure way to limit the provided functions per
> > server?
> >
> > Say, I have defined functions f1, f2, and f3, and would only
> like to provide
> > them over a TCP connection, but nothing else. Not even the
> basic primitives
> > (e.g. car, define, require, lambda...) or the net-repl service
> itself (to
> > prevent someone else starting a new service). Another server
> could provide a
> > different set of functions.
> >
> > The idea is to provide various Racket-powered Internet servers
> that could be
> > utilized remotely. E.g. by calling (eval-in-server [server]
> [port] [proc]),
> > you could operate on servers like...
> > - read-only access to public Liitin objects that you can fetch
> and evaluate
> > locally
> > - unified Liitin unit to be used for multiprocessing or choose where
> > processing makes most sense
> > - external SW/HW control, e.g. an embedded device control (pour-coffee,
> > water-temperature, water-left...)
> >
> > The basic client/server functionality is already working, but
> it's too big a
> > security risk outside LAN use. It seems to be easier to add
> functionality
> > than ripping them off. Perhaps creating a custom #%top definition to
> > interfere with the default symbol lookup...?
> >
> > Any help appreciated!
> >
> > br, jukka
> >
> >
> > |  J U K K A   T U O M I N E N
> > |  m a n a g i n g   d i r e c t o r  M. A.
> > |
> > |  Finndesign  Kauppiaankatu 13, FI-00160 Helsinki, Finland
> > |  mobile +358 50 5666290
> > |  jukka.tuominen at finndesign.fi  www.finndesign.fi
> >
> >
> > _________________________________________________
> >  For list-related administrative tasks:
> >  http://lists.racket-lang.org/listinfo/users
>



Posted on the users mailing list.