The socket repl is inherently not secure. It allows anyone to connect and
run arbitrary code on the process. However, by default it is not running -
you need to add extra system properties to start the server(s). If someone
can start your server with arbitrary system properties, I'd say that is a
On Friday, April 13, 2018 at 12:51:07 PM UTC-5, Didier wrote:
> I'd love an independent penetration and security audit of the Clojure
> codebase. Especially around the socket repl in a localhost restricted way
> and making sure it's not exploitable.
> I wonder how much it costs, and if Clojurists Together could have one
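As an added example (not part of the original thread or of Clojure itself), the check below audits JVM command lines for the `-Dclojure.server.<name>=<edn map>` system properties that start a socket server, and flags any bound to a non-loopback address. The function name `audit_cmdline` and the sample command lines are constructed for illustration; the property form and the `:address`, `:port` and `:accept` keys are those documented for `clojure.core.server`.

```python
import re

# -Dclojure.server.<name>={...}: the system property that starts a socket
# server at JVM startup. Without such a property, no server is started.
PROP_RE = re.compile(r'-Dclojure\.server\.([^=\s]+)=(\{[^}]*\})')
ADDR_RE = re.compile(r':address\s+\\?"([^"\\]+)')
PORT_RE = re.compile(r':port\s+(\d+)')
ACCEPT_RE = re.compile(r':accept\s+([^\s}]+)')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_cmdline(cmdline):
    """Return one finding per socket server configured on a JVM command line."""
    findings = []
    for name, edn in PROP_RE.findall(cmdline):
        addr = ADDR_RE.search(edn)
        port = PORT_RE.search(edn)
        accept = ACCEPT_RE.search(edn)
        # When :address is omitted, the server binds to the loopback address.
        address = addr.group(1) if addr else None
        findings.append({
            "server": name,
            "port": int(port.group(1)) if port else None,
            "accept": accept.group(1) if accept else None,
            "address": address or "loopback (default)",
            # Loopback-only still gives code execution to any local user
            # who can connect; non-loopback extends that to the network.
            "remote_reachable": address is not None and address not in LOOPBACK,
        })
    return findings

# Constructed sample command lines, as they would appear in a process listing.
SAMPLES = [
    'java -Dclojure.server.repl={:port 5555 :accept clojure.core.server/repl} -jar app.jar',
    'java -Dclojure.server.admin={:address "0.0.0.0" :port 6000 '
    ':accept clojure.core.server/repl} -jar app.jar',
    'java -Xmx512m -jar app.jar',
]

if __name__ == "__main__":
    for line in SAMPLES:
        for f in audit_cmdline(line):
            level = "HIGH" if f["remote_reachable"] else "REVIEW"
            print(f"[{level}] server={f['server']} address={f['address']} "
                  f"port={f['port']} accept={f['accept']}")
```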