Question
This is really just a conceptual question for me at this point.
In Lisp, programs are data and data are programs. The REPL does exactly that - reads and then evaluates.
So how does one go about getting input from the user in a secure way? Obviously it's possible - I mean viaweb - now Yahoo!Stores is pretty secure, so how is it done?
Accepted answer
The REPL stands for Read Eval Print Loop.
(loop (print (eval (read))))
Above is only conceptual, the real REPL code is much more complicated (with error handling, debugging, ...).
You can read all kinds of data in Lisp without evaluating it. Evaluation is a separate step - independent from reading data.
There are all kinds of IO functions in Lisp. The most complex of the provided functions is usually READ, which reads s-expressions. There is an option in Common Lisp which allows evaluation during READ, but that can and should be turned off when reading data.
So, data in Lisp is not necessarily a program, and even if data is a program, then Lisp can read the program as data - without evaluation. A REPL should only be used by a developer and should not be exposed to arbitrary users. For getting data from users one uses the normal IO functions, including functions like READ, which can read S-expressions but does not evaluate them.
Here are a few things one should NOT do:
- use READ to read arbitrary data. READ, for example, allows one to read really large data - there is no limit.
- evaluate during READ ('read eval'). This should be turned off.
- read symbols from I/O and call their symbol functions.
- read cyclical data structures with READ, when your functions expect plain lists. Walking down a cyclical list can keep your program busy for a while.
- not handle syntax errors while reading data.
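The points above, worked through in Common Lisp as an added example (this is not code from the answer): a bounded reader with `*read-eval*` off, symbols kept out of the working package, a cycle check on the result, reader errors handled, and dispatch through a whitelist instead of calling whatever symbol arrived. The function names, the `untrusted-data` package and the `*allowed-ops*` table are assumptions for illustration.

```lisp
;; Added example, not code from the original answer.
;; Symbols read from users are interned here, not in CL-USER, so user text
;; can never name (or shadow) one of our own functions.
(defvar *data-package*
  (or (find-package :untrusted-data) (make-package :untrusted-data :use nil)))

(defun contains-cycle-p (object &optional (seen (make-hash-table :test #'eq)))
  "True if the cons tree OBJECT refers back to one of its own conses,
   e.g. what READ returns for #1=(a . #1#)."
  (cond ((not (consp object)) nil)
        ((gethash object seen) t)
        (t (setf (gethash object seen) t)
           (or (contains-cycle-p (car object) seen)
               (contains-cycle-p (cdr object) seen)))))

(defun safe-read-from-string (string &key (max-length 4096))
  "Parse one s-expression from untrusted STRING as data; EVAL is never called.
   Returns (values object nil) on success or (values nil reason) on rejection."
  (when (> (length string) max-length)        ; bound the input size up front
    (return-from safe-read-from-string (values nil :too-long)))
  (handler-case
      (with-standard-io-syntax
        ;; WITH-STANDARD-IO-SYNTAX binds *READ-EVAL* to T, so rebind it here:
        ;; with it NIL, a #.(...) form signals READER-ERROR instead of running.
        (let ((*read-eval* nil)
              (*package* *data-package*))
          (let ((object (read-from-string string)))
            (if (contains-cycle-p object)
                (values nil :cyclic)
                (values object nil)))))
    (reader-error () (values nil :syntax-error))   ; malformed or #. input
    (end-of-file () (values nil :incomplete))))    ; e.g. unbalanced parens

;; Assumed whitelist: operator name as typed by the user -> function we chose.
(defparameter *allowed-ops* '(("sum" . +) ("max" . max)))

(defun run-request (string)
  "Dispatch on the whitelist; never FUNCALL a symbol that came from the user."
  (multiple-value-bind (form reason) (safe-read-from-string string)
    (if reason
        (values nil reason)
        (let ((entry (and (consp form) (symbolp (car form))
                          (assoc (symbol-name (car form)) *allowed-ops*
                                 :test #'string-equal))))
          (cond ((null entry) (values nil :unknown-op))
                ((notevery #'numberp (cdr form)) (values nil :bad-args))
                (t (values (apply (cdr entry) (cdr form)) nil)))))))
```

`(run-request "(sum 1 2 3)")` returns 6, while `(run-request "#.(delete-file \"x\")")` returns `NIL :SYNTAX-ERROR` and `(run-request "#1=(sum . #1#)")` returns `NIL :CYCLIC`, with nothing evaluated in either case.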