This is the mail archive of the guile@cygnus.com mailing list for the guile project.
Marius Vollmer writes:

> ttn@netcom.com writes:
>
> > one way: [code deleted]
>
> This is not at all safe. In fact, it is pretty naive.

you're right: (a) a form could have an embedded procedure that is unsafe; (b) aliases for unsafe procedures are easy to create; (c) the code as presented does not address authentication. i'm sure there are other reasons. i'm going to now guess that a "safe" eval must necessarily be implemented as a primitive. still, i don't really believe it and continue to wonder if there is any way one could create `safe-eval' from just Scheme?

> > another way is to create a local environment via module system, etc.
>
> I don't think that the Java way of enforcing security is the right
> way. The traditional way of providing security is by giving processes
> some `user identity' and then deciding at the lowest level of the OS
> whether that process is allowed to do something or not. These
> mechanisms should be used by all security related things on the
> system.
>
> When some remote server wants to execute some code on your system,
> that server has to log in just like any other user.

authentication is another safety measure, it's true. using traditional approaches makes sense, too. for the purposes of this discussion, however, i'm assuming that that layer can be handled independently.

thi
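
The question in the message above, whether `safe-eval' can be built from just Scheme, can be explored with an allow-list evaluator that never calls the host `eval`. The following is an added example, not code from the thread (the original code was deleted from the quote), and every name in it is hypothetical. It covers points (a) and (b) only and uses Guile's `catch` to report rejections.

```scheme
;; Added example; every name here is hypothetical.
;; Only these bindings are reachable from an evaluated form.
(define allowed
  (list (cons '+ +) (cons '- -) (cons '* *) (cons '< <) (cons '= =)
        (cons 'car car) (cons 'cdr cdr) (cons 'cons cons)
        (cons 'null? null?)))

;; Quoted data may contain only inert values, never procedure objects.
(define (plain-data? x)
  (or (symbol? x) (number? x) (string? x) (boolean? x) (null? x)
      (and (pair? x) (plain-data? (car x)) (plain-data? (cdr x)))))

(define (lookup name env)
  (let ((hit (assq name env)))
    (if hit (cdr hit) (error "name not in allow-list:" name))))

;; Handles quote, three-armed if, one-expression lambda, and application.
(define (safe-eval form env)
  (cond ((symbol? form) (lookup form env))
        ((or (number? form) (string? form) (boolean? form)) form)
        ;; (a) a procedure object spliced into the form ends up here
        ((not (pair? form)) (error "rejected object in form:" form))
        (else
         (case (car form)
           ((quote) (if (plain-data? (cadr form))
                        (cadr form)
                        (error "rejected quoted object:" (cadr form))))
           ((if) (if (safe-eval (cadr form) env)
                     (safe-eval (caddr form) env)
                     (safe-eval (cadddr form) env)))
           ((lambda)
            (let ((params (cadr form)) (body (caddr form)))
              (lambda args
                (safe-eval body (append (map cons params args) env)))))
           (else (apply (safe-eval (car form) env)
                        (map (lambda (f) (safe-eval f env)) (cdr form))))))))

;; Guile's catch turns any rejection into the symbol rejected.
(define (try form)
  (catch #t (lambda () (safe-eval form allowed)) (lambda args 'rejected)))

(define (host-only) 'reached-host)   ; stand-in for an unsafe procedure
(define alias host-only)             ; (b) an alias made on the host side

(write (try '((lambda (x) (* x x)) 7))) (newline)  ; ordinary arithmetic
(write (try '(alias))) (newline)                   ; (b) alias is unbound here
(write (try (list host-only))) (newline)           ; (a) embedded procedure
(write (try (list (list 'quote host-only)))) (newline) ; (a) hidden in quote
```

Because names resolve only through `allowed`, an alias created in the host environment gives the evaluated form nothing to reach. The evaluator does not bound run time or memory, and point (c), authentication, is outside it.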