If you don't need the on-the-wire form to be human-readable, you should look at `racket/fasl`: https://docs.racket-lang.org/reference/fasl.html

It can handle all of the acyclic data that `read` and `write` can (plus a little extra), it *doesn't* have `read`'s many configuration parameters that aren't really helpful for plain old data serialization, and it's fast and efficient.

For a human-readable format, `call-with-default-reading-parameterization` is the right answer.

-Philip

On Sun, Feb 28, 2021 at 5:33 PM Ryan Kramer <[email protected]> wrote:

> Thanks everyone. I feel fine to use `read` for this use case now. I
> overlooked `call-with-default-reading-parameterization` which specifically
> mentions "reading from untrusted sources" so that is very reassuring.
>
> On Sunday, February 28, 2021 at 3:36:29 PM UTC-6 John K wrote:
>
>> On Feb 28, 2021, at 2:50 PM, Ryan Kramer <[email protected]> wrote:
>>
>> […]
>>
>> I could use JSON or XML, but that just seems silly when you have a Racket
>> client talking to a Racket server.
>>
>> Are my concerns founded? Are there any existing solutions? Thanks for any
>> advice.
>>
>>
>> I don’t think this necessarily answers your question, at least not
>> directly, but receiving code from a remote client is certainly a potential
>> security risk.
>>
>> Fortunately, Racket is well-adapted to writing (and parsing) a language
>> (DSL) inside of the language.
>>
>> Personally I’m a fan of object capability mechanisms. In Scheme and
>> Racket, some interesting places to start might be
>>
>> * Jonathan Rees’ Scheme-based “security kernel” paper:
>> http://mumble.net/~jar/pubs/secureos/secureos.html
>> * Marketplace by Tony Garnock-Jones: http://tonyg.github.io/marketplace/
>>
>> Christopher Lemmer Webber (may be on this list even?) is working on
>> something called Spritely Goblins, an implementation, in Racket, of the
>> CapTP/VatTP protocols that were invented by Mark Miller and others in the E
>> language (
>> http://www.erights.org/elib/capability/ode/ode-capabilities.html) and
>> now being used in Javascript/SES.
>>
>> * https://docs.racket-lang.org/goblins/index.html
>>
>> And finally, for serializing object (capabilities), the other piece of
>> relevant interesting work is CapnProto by Kenton Varda:
>> https://capnproto.org/
>>
>> Have fun :)
>>
>> - johnk
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Racket Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/racket-users/a2580765-3cc2-482b-8d20-f62dc1e1dc91n%40googlegroups.com
>> <https://groups.google.com/d/msgid/racket-users/a2580765-3cc2-482b-8d20-f62dc1e1dc91n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
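
The two options recommended in this thread, shown side by side as an added example that is not part of the original messages. The message shapes (`get`/`put`), the 4096-byte cap and the function names are assumptions made for illustration.

```racket
#lang racket/base
;; Added example (not from the thread). The message shapes, the size cap
;; and all function names below are assumptions chosen for illustration.
(require racket/fasl racket/match racket/port)

(define max-message-bytes 4096) ; assumed per-message cap

;; Read one datum from an untrusted port. Reader parameters are reset to
;; their defaults, so settings made elsewhere in the program cannot change
;; how this input parses. The result is plain data and is never evaluated.
(define (read-untrusted in)
  (define limited (make-limited-input-port in max-message-bytes #f))
  (with-handlers ([exn:fail:read? (lambda (e) #f)]) ; malformed or truncated
    (call-with-default-reading-parameterization
     (lambda () (read limited)))))

;; Accept only the shapes this hypothetical protocol defines; anything
;; else, including a failed read, is rejected.
(define (validate v)
  (match v
    [(list 'get (? symbol?)) v]
    [(list 'put (? symbol?) (? string?)) v]
    [_ 'rejected]))

;; Human-readable wire form: text in, validated datum out.
(define (decode-text str)
  (validate (read-untrusted (open-input-string str))))

;; Binary wire form via racket/fasl; decoded data gets the same validation.
(define (encode-fasl v) (s-exp->fasl v))
(define (decode-fasl bs)
  (validate (with-handlers ([exn:fail? (lambda (e) #f)])
              (fasl->s-exp bs))))

(module+ main
  ;; Constructed sample inputs.
  (for ([s (list "(put name \"alice\")"
                 "(get name)"
                 "(eval (+ 1 2))"                  ; well-formed, wrong shape
                 "(put name"                       ; truncated message
                 "#reader some/lang (get name)")]) ; reader extension request
    (printf "~s => ~s\n" s (decode-text s)))
  (printf "fasl => ~s\n" (decode-fasl (encode-fasl '(get name)))))
```

Both decoders return either a datum matching one of the allowed shapes or `'rejected`, so the rest of the server only ever dispatches on validated data.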

