Hi everyone!
So, here is my proposed enhancement to swank (see patch-file in the attachment). The idea is, that executing arbitrary code on the lisp core, which swank allows by default, is not always desirable. Hence, patch does following things: 1) Add SWANK::*READER* variable, which, when bound to a function when calling SETUP-SERVER, causes this function to be used when reading forms in SWANK-RPC::READ-FORM 2) SWANK::DISPATCH-EVENT's DESTRUCTURING-CASE is substituted by more flexible lookup in the hashtable. If SWANK::*VALID-RPC* list is bound to new value when calling SETUP-SERVER, then in this particular server only those new RPC's will be active.
1st change is useful, I think, not only for securing the reader in a way that I did in my CL-SECURE-READ system, but also if you actually want learn SWANK talk some non-s-exp-based protocol.
So, what do you think?
Yours sincerely, Alex