On Thu, May 6, 2010 at 4:19 AM, Mibu <mibu.cloj...@gmail.com> wrote: > As far as I can tell, clj-sandbox works by a set whitelist of > arbitrary functions, which is not a very generic approach. It works > for sandboxes like clojurebot, but not for other stuff. > > A restricted eval in all likelihood will not refer directly to > clojure.core, and it's much better allowing the caller to specify by > namespaces which functions are accessible. Maybe in the future > clojure.core functions could be tagged depending on whether they are > purely-functional or have side-effects, and a caller to a restricted > eval will be able to automatically generate a new "safe-core" > namespace based on this division. > > While we are talking about sandboxed eval, it is not just which function is accessible but also things like .alterRoot which becomes a instance method of a java object which goes a bit beyond clojure name space. with some clever tricks, it is possible to get the var of a root binding then .alterRoot and replace the definition.
-- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en
