[racket] Limiting net-repl provided functions
Hi,
if I was to provide public NET-REPL servers (available at PLaneT), I wonder
if there's an easy and secure way to limit the provided functions per
server?
Say, I have defined functions f1, f2, and f3, and would only like to provide
them over a TCP connection, but nothing else. Not even the basic primitives
(e.g. car, define, require, lambda...) or the net-repl service itself (to
prevent someone else starting a new service). Another server could provide a
different set of functions.
The idea is to provide various Racket-powered Internet servers that could be
utilized remotely. E.g. by calling (eval-in-server [server] [port] [proc]),
you could operate on servers like...
- read-only access to public Liitin objects that you can fetch and evaluate
locally
- unified Liitin unit to be used for multiprocessing or choose where
processing makes most sense
- external SW/HW control, e.g. an embedded device control (pour-coffee,
water-temperature, water-left...)
The basic client/server functionality is already working, but it's too big a
security risk outside LAN use. It seems to be easier to add functionality
than ripping them off. Perhaps creating a custom #%top definition to
interfere with the default symbol lookup...?
Any help appreciated!
br, jukka
| J U K K A T U O M I N E N
| m a n a g i n g d i r e c t o r M. A.
|
| Finndesign Kauppiaankatu 13, FI-00160 Helsinki, Finland
| mobile +358 50 5666290
| jukka.tuominen at finndesign.fi www.finndesign.fi