[Openmcl-devel] Lisp for the 21 century: how to deal with URLs

Rainer Joswig joswig at lisp.de
Mon Jun 8 07:54:25 UTC 2009


Am 08.06.2009 um 08:00 schrieb Alexander Repenning:

> It would be nice if we could bring Lisp into the 21 century by adding
> some kind of native support for URLs. For instance, with more and more
> people posting Lisp files by attaching them to emails how about being
> able to just load them via (load URL)? Chances are you already keep
> your files in some web accessible repository, e.g., Google Code/ svn
>
> At a conceptual level there is a question of how to integrate (or
> perhaps replace) the existing notion of CL pathnames with URLs. This
> will cause some headaches but could replace the portable logical
> pathnames with a long overdue modern approach.

'logical pathnames' and URLs are really very different things for  
different purposes.
Logical pathnames were invented to make file locations configurable  
and independent of physical location in groups of computers.

If you had URLs as a type of pathnames, it would still make sense to  
have logical pathnames and now allow pathname translations over URLs.

URLs are only a part of the solution. MIME types then are necessary,  
HTTP traffic, HTTPs, ...

>
> At an implementation level, in CCL, one could start by hacking load.
> If the pathname is a string starting with "http://" then the chance is
> pretty good that we are dealing with a URL
>
> (load "http://xmlisp.googlecode.com/svn/trunk/XMLisp/sources/IDE/specific/Mac%20CCL/anticipat-symbol-complete.lisp
> ")

I'm not sure 'LOAD' without any security story is more than a hack.

But the security problems are clear:

* unencrypted traffic can be manipulated easily
* DNS names and their resolution can be manipulated
* the files in public repositories can be manipulated
* proxies can manipulate the traffic they see
* CL has no security model, no sandboxes, LOAD executes code without  
any protection.

When you load a file over the web without any security and have the  
file contents immediately execute (LOAD executes code) - I'd say  
that's an invitation for all kinds of abuse.

>
> The file could be downloaded via HTTP, perhaps as temp file, and then
> loaded the "old" way. Even here there are questions. Should one use
> CFNetwork?  URLDownload looks temptingly simple but depreciated,
> NSURLDownload hmmmm....   just use TCP streams and make you own HTTP
> GET, ... so many options.
>
> With a bit more work one could do some clever local caching similar to
> Google Gears.
>
> Any suggestions?

CL-HTTP does some of that stuff already. I guess other Lisp based  
solutions, too. It has some simple functionality: COPY-FILES from and  
to HTTP, getting directory listings, ...

The useful stuff for HTTP access is:

* opening streams to HTTP resources for reading and writing
* copying text and binary data
* 'understanding' some types of 'directories'

regards,

Rainer Joswig

>
> Alex
>
>
> Prof. Alexander Repenning
>
> University of Colorado
> Computer Science Department
> Boulder, CO 80309-430
>
> vCard: http://www.cs.colorado.edu/~ralex/AlexanderRepenning.vcf
>
>
> _______________________________________________
> Openmcl-devel mailing list
> Openmcl-devel at clozure.com
> http://clozure.com/mailman/listinfo/openmcl-devel

Rainer Joswig, Hamburg, Germany
http://lispm.dyndns.org/
mailto:joswig at lisp.de



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clozure.com/pipermail/openmcl-devel/attachments/20090608/013367b8/attachment.html>


More information about the Openmcl-devel mailing list