If you don't need the on-the-wire form to be human-readable, you should
look at `racket/fasl` (https://docs.racket-lang.org/reference/fasl.html). It
can handle all of the acyclic data that `read` and `write` can (plus a
little extra), it *doesn't* have `read`'s many configuration parameters
that aren't really helpful for plain old data serialization, and it's fast
and efficient.

For a human-readable format, `call-with-default-reading-parameterization`
is the right answer.

-Philip


On Sun, Feb 28, 2021 at 5:33 PM Ryan Kramer <default.kra...@gmail.com>
wrote:

> Thanks everyone. I feel fine to use `read` for this use case now. I
> overlooked `call-with-default-reading-parameterization` which specifically
> mentions "reading from untrusted sources" so that is very reassuring.
>
> On Sunday, February 28, 2021 at 3:36:29 PM UTC-6 John K wrote:
>
>>
>>
>> On Feb 28, 2021, at 2:50 PM, Ryan Kramer <default...@gmail.com> wrote:
>>
>>
>> […]
>>
>>
>> I could use JSON or XML, but that just seems silly when you have a Racket
>> client talking to a Racket server.
>>
>> Are my concerns founded? Are there any existing solutions? Thanks for any
>> advice.
>>
>>
>> I don’t think this necessarily answers your question, at least not
>> directly, but receiving code from a remote client is certainly a potential
>> security risk.
>>
>> Fortunately, Racket is well-adapted to writing (and parsing) a language
>> (DSL) inside of the language.
>>
>> Personally I’m a fan of object capability mechanisms. In Scheme and
>> Racket, some interesting places to start might be
>>
>> * Jonathan Rees’ Scheme-based “security kernel” paper:
>> http://mumble.net/~jar/pubs/secureos/secureos.html
>> * Marketplace by Tony Garnock-Jones: http://tonyg.github.io/marketplace/
>>
>> Christopher Lemmer Webber (may be on this list even?) is working on
>> something called Spritely Goblins, an implementation, in Racket, of the
>> CapTP/VatTP protocols that were invented by Mark Miller and others in the E
>> language (
>> http://www.erights.org/elib/capability/ode/ode-capabilities.html) and
>> now being used in JavaScript/SES.
>>
>> * https://docs.racket-lang.org/goblins/index.html
>>
>> And finally, for serializing object (capabilities), the other piece of
>> relevant interesting work is CapnProto by Kenton Varda:
>> https://capnproto.org/
>>
>> Have fun :)
>>
>> - johnk
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Racket Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to racket-users...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/racket-users/a2580765-3cc2-482b-8d20-f62dc1e1dc91n%40googlegroups.com
>> <https://groups.google.com/d/msgid/racket-users/a2580765-3cc2-482b-8d20-f62dc1e1dc91n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>
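
One way to apply the two suggestions in this thread (`racket/fasl` for binary data, `call-with-default-reading-parameterization` for readable data), as an added example that is not code from any poster. The `put`/`get` message shape and all function names are assumptions made for illustration.

```racket
#lang racket/base
;; Added example, not code from the thread. The message shape
;; (put <string> <integer>) / (get <string>) and all names are assumptions.
(require racket/fasl racket/match)

;; Human-readable path: `read` with the reader parameters reset to their
;; defaults, so settings changed elsewhere in the program
;; (e.g. read-accept-reader) do not apply to untrusted input.
(define (read-datum in)
  (call-with-default-reading-parameterization
   (lambda () (read in))))

;; Binary path: fasl decoding of a received byte string.
(define (decode-fasl bs)
  (fasl->s-exp bs))

;; Either way the result is only data. Check its shape before acting on it
;; and never pass it to `eval`.
(define (validate v)
  (match v
    [(list 'put (? string? k) (? exact-integer? n)) (list 'put k n)]
    [(list 'get (? string? k)) (list 'get k)]
    [_ (error 'validate "unexpected message: ~e" v)]))

(define (receive-text str)
  (validate (read-datum (open-input-string str))))

(define (receive-fasl bs)
  (validate (decode-fasl bs)))

(define (report-rejection e)
  (printf "rejected: ~a\n" (exn-message e)))

(module+ main
  ;; Constructed sample inputs.
  (printf "~s\n" (receive-text "(put \"k\" 42)"))
  (printf "~s\n" (receive-fasl (s-exp->fasl '(get "k"))))
  ;; `#reader` asks the reader to load a module; with read-accept-reader
  ;; off this is an error instead of a module load.
  (with-handlers ([exn:fail? report-rejection])
    (receive-text "#reader racket/base (put \"k\" 1)"))
  ;; Well-formed datum, wrong shape: rejected by validation.
  (with-handlers ([exn:fail? report-rejection])
    (receive-text "(delete-everything)")))
```
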
