I mentioned in the first message that javaop should also be disabled in a restricted eval.

On May 6, 5:18 pm, gary ng <garyng2...@gmail.com> wrote:
> On Thu, May 6, 2010 at 4:19 AM, Mibu <mibu.cloj...@gmail.com> wrote:
> > As far as I can tell, clj-sandbox works by a set whitelist of
> > arbitrary functions, which is not a very generic approach. It works
> > for sandboxes like clojurebot, but not for other stuff.
> >
> > A restricted eval in all likelihood will not refer directly to
> > clojure.core, and it's much better allowing the caller to specify by
> > namespaces which functions are accessible. Maybe in the future
> > clojure.core functions could be tagged depending on whether they are
> > purely-functional or have side-effects, and a caller to a restricted
> > eval will be able to automatically generate a new "safe-core"
> > namespace based on this division.
>
> While we are talking about sandboxed eval, it is not just which function is
> accessible but also things like .alterRoot which becomes an instance method
> of a java object which goes a bit beyond clojure name space. With some
> clever tricks, it is possible to get the var of a root binding then
> .alterRoot and replace the definition.