Hi Marko,

Marko Rauhamaa <ma...@pacujo.net> skribis:

> l...@gnu.org (Ludovic Courtès):
>
>> I don’t know to what extent that is applicable to your software, but my
>> recommendation would be to treat that network socket as a Scheme port,
>> pass it to ‘read’, and pass the result to ‘eval’ (as opposed to reading
>> the whole string from C++ and passing it to ‘scm_eval_string’.)
>
> Octet stream sockets break the stream at arbitrary locations. Eval isn't
> going to like it if you blindly hand bytes over to it. You first need to
> break the stream into complete S-expressions.

Sure, that’s what the ‘read’ part above does.

> Secondly, this lucrative pattern can be very dangerous as it allows
> arbitrary code to be executed at the peer end. In most applications, it
> is better to interpret the S-expressions explicitly.

Definitely.  I’m not saying eval-over-the-network is a good thing to do
in general, mind you!  :-)

Ludo’.
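The two points made in the exchange above, the framing done by ‘read’ and the replacement of ‘eval’ with explicit interpretation, put together as an added example in Guile Scheme (this is not code from the thread or from Guile itself; it assumes a Guile with ‘(ice-9 match)’ and uses a string port with constructed input in place of the network socket):

```scheme
;; Added example, not from the mailing-list thread. Assumes Guile with
;; (ice-9 match); a string port stands in for the socket so it runs offline.
(use-modules (ice-9 match))

;; The dangerous pattern: every datum the peer sends is evaluated with the
;; full power of the Guile environment, so the peer can run arbitrary code.
(define (unsafe-serve-port port)
  (let loop ((datum (read port)))
    (unless (eof-object? datum)
      (eval datum (interaction-environment))
      (loop (read port)))))

;; The safer pattern: interpret each S-expression against a closed set of
;; commands with typed arguments.  Anything else is rejected, never run.
(define (handle-command cmd)
  (match cmd
    (('ping) 'pong)
    (('add (? number? a) (? number? b)) (+ a b))
    (('echo (? string? s)) s)
    (_ (list 'error 'unknown-command))))

;; Read one datum, turning a reader syntax error (Guile throws the key
;; 'read-error) into a value the caller can report instead of a crash.
(define (read-datum port)
  (catch 'read-error
    (lambda () (read port))
    (lambda (key . args) (list 'malformed-input))))

;; `read' only returns once a complete datum has arrived, so the arbitrary
;; byte boundaries of a stream socket are handled here; each complete
;; S-expression is then interpreted, not evaluated.
(define (serve-port port)
  (let loop ((datum (read-datum port)) (results '()))
    (if (eof-object? datum)
        (reverse results)
        (loop (read-datum port) (cons (handle-command datum) results)))))

;; Constructed input standing in for bytes received from the peer.
;; The `system' form is exactly what the unsafe variant would execute.
(define sample-input
  "(ping) (add 1 2) (echo \"hi\") (system \"rm -rf /\") (add 1 \"x\")")

(display (serve-port (open-input-string sample-input)))
(newline)
```

Note that the explicit interpreter still trusts ‘read’ itself: a hostile peer can send arbitrarily deep or long data, so a real service should also bound message size, set a read timeout, and disable any reader extensions it does not need.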
