On Wed, May 9, 2012 at 5:01 PM, Rostislav Svoboda <rostislav.svob...@gmail.com> wrote:
> On 9 May 2012 17:31, Tassilo Horn <tass...@member.fsf.org> wrote:
>> you should bind *read-eval* to false when reading data from unknown sources.
>
> This is the point! On one hand I need to evaluate data from a client
> on the other hand I'd like to filter out things like "rm -rf /", "drop
> table users" etc.
The best practice is to not evaluate data from your client but to read it, and process it. It is a hard problem to decide if a given piece of code in any language can be safely evaluated or not. If you really need to evaluate programs from hostile clients, design a small language allowing only safe programs and write a translator into Clojure, then eval the result.
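Added example, not part of the original message or of any project's code: a sketch of the "small language plus translator" approach described above, for an arithmetic-only language. The namespace, the operator whitelist, the depth limit and the function names are assumptions made for illustration; `clojure.edn` (Clojure 1.5 and later) is used to read the client text as data without reader evaluation.

```clojure
(ns example.safe-calc
  (:require [clojure.edn :as edn]))

;; Hypothetical whitelist: client symbol -> fully qualified Clojure function.
;; A symbol that is not a key here can never reach eval.
(def allowed-ops
  {'+   'clojure.core/+
   '-   'clojure.core/-
   '*   'clojure.core/*
   'min 'clojure.core/min
   'max 'clojure.core/max})

;; Assumed limit on nesting, so a hostile form cannot exhaust the stack.
(def max-depth 32)

(defn translate
  "Translates a form that was read as data into a Clojure form built only
  from numbers and whitelisted operators. Throws on anything else."
  [form depth]
  (cond
    (> depth max-depth)
    (throw (ex-info "expression too deeply nested" {:depth depth}))

    (number? form)
    form

    ;; A call: whitelisted operator with at least one argument.
    (and (list? form) (contains? allowed-ops (first form)) (next form))
    (list* (allowed-ops (first form))
           (mapv #(translate % (inc depth)) (rest form)))

    :else
    (throw (ex-info "form not allowed" {:form form}))))

(defn run-client-program
  "Reads untrusted text as EDN data, translates it, then evals the result.
  eval only ever sees output of translate, never the client's own form."
  [text]
  (eval (translate (edn/read-string text) 0)))

(comment
  ;; Constructed sample inputs.
  (run-client-program "(+ 1 (* 2 3))")                         ; whitelisted operators only
  (run-client-program "(clojure.java.shell/sh \"rm\" \"-rf\" \"/\")") ; operator not in the whitelist
  (run-client-program "#=(java.lang.System/exit 0)"))          ; reader-eval syntax, not valid EDN
```

The design choice is allow-listing rather than filtering: instead of trying to recognise dangerous forms, `translate` rebuilds the program from known-safe pieces and rejects everything it does not recognise.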