From: norman werner
Subject: security / webprogramming
Date: 
Message-ID: <b301fb47.0408161055.52a72ca8@posting.google.com>
Hello,

I am playing around now with the fine modutils-package.
I am quite content with progress - but already I am finding myself 
using 

(read-from-string "user entered data") 

and although I am by no means an expert regarding lisp or programming 
in general I do realize that this is certainly a bad idea.


So my question goes:

What are your TOP-5 stupidities 
from a security point of view regarding 
lisp-programming for the www?

thanks

Norman

From: norman werner
Subject: Re: security / webprogramming
Date: 
Message-ID: <b301fb47.0408162216.4d2aa5d1@posting.google.com>
·············@student.uni-magdeburg.de (norman werner) wrote in message news:<····························@posting.google.com>...
> Hello,
> 
> I am playing around now with the fine modutils-package.
>....

modlisp. There is no reason to call it modutils.
I have to remember this.


Norman
From: John Thingstad
Subject: Re: security / webprogramming
Date: 
Message-ID: <opscvc1jcbpqzri1@mjolner.upc.no>
Well, I can mention one. Not setting read-eval to nil when reading from a  
stream.

On 16 Aug 2004 11:55:20 -0700, norman werner  
<·············@student.uni-magdeburg.de> wrote:

> Hello,
>
> I am playing around now with the fine modutils-package.
> I am quite content with progress - but already I am finding myself
> using
>
> (read-from-string "user entered data")
>
> and although I am by no means an expert regarding lisp or programming
> in general I do realize that this is certainly a bad idea.
>
>
> So my question goes:
>
> What are your TOP-5 stupidities
> from a security point of view regarding
> lisp-programming for the www?
>
> thanks
>
> Norman



-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
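
The *read-eval* point raised in this thread, as an added example that is not part of any post here: with the default *read-eval* of T, the `#.` reader macro makes READ-FROM-STRING evaluate a form while reading, so user-entered text can run code before the program ever inspects it. SAFE-READ-FROM-STRING and PARSE-QUANTITY-FIELD are hypothetical helper names and the input strings are constructed.

```lisp
;; Added example. SAFE-READ-FROM-STRING and PARSE-QUANTITY-FIELD are
;; hypothetical helpers, not part of modlisp or any other library.

(defun safe-read-from-string (string)
  "Read one object from STRING with read-time evaluation disabled.
Returns the object, or NIL and the condition when the reader refuses it."
  (with-standard-io-syntax
    ;; WITH-STANDARD-IO-SYNTAX binds *READ-EVAL* to T, so the NIL
    ;; binding has to be established inside it, not around it.
    (let ((*read-eval* nil))
      (handler-case (values (read-from-string string))
        ;; #. with *READ-EVAL* NIL signals READER-ERROR.
        (reader-error (condition) (values nil condition))
        ;; Truncated input such as "(1 2" signals END-OF-FILE.
        (end-of-file (condition) (values nil condition))))))

(defun parse-quantity-field (string)
  "Parse a form field that must hold a non-negative integer.
Avoids the Lisp reader entirely; returns NIL for anything else."
  (let ((n (ignore-errors (parse-integer string))))
    (and n (>= n 0) n)))

;; Constructed inputs: a plain list, a read-time evaluation attempt
;; using a harmless arithmetic form, and a truncated list.
(dolist (input '("(1 2 3)" "#.(+ 1 2)" "(1 2"))
  (multiple-value-bind (object condition) (safe-read-from-string input)
    (if condition
        (format t "~S rejected: ~A~%" input (type-of condition))
        (format t "~S read as ~S~%" input object))))

;; Constructed inputs for a field with a known shape.
(dolist (input '("42" "-7" "#.(+ 1 2)"))
  (format t "~S parsed as ~S~%" input (parse-quantity-field input)))
```

Binding *read-eval* to NIL stops read-time evaluation, but the reader still interns every symbol it encounters, so fields with a known shape are better handled by a dedicated parser such as PARSE-INTEGER.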