There's been a lot of back-and-forth on comp.lang.tcl and the Tcl'ers wiki lately about handling user input safely.
Currently I'm using serialized XOTcl objects as user session data. The data gets saved to a file, and "source" is used to restore it. It all works well. But since the data is on the filesystem, it's possible for a user to edit the data or to load an arbitrary file ("Try this session...").
It seems like the standard Tcl answer is to source the session file in a safe interpreter, but (I think) that means I would need to alias all my XOTcl object constructors into the safe interpreter. Is this correct? Is there an easy way to do this?
How do others deal with this sort of issue?
Scott
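
One way to apply the safe-interpreter approach raised in the question, as an added example that is not part of the original post: the session file contains only calls to a single aliased command, and the master validates every argument before building anything. The `sessionload` namespace, the `sessionObject` command, the class/field whitelist and the sample session text are assumptions made for illustration; a real application would call its own XOTcl constructors inside the alias once the checks pass.

```tcl
# Added example (Tcl 8.5+); all names and the sample data are constructed.
namespace eval sessionload {
    variable allowed {User {name email} Cart {items total}}  ;# class -> fields
    variable restored {}
}

# Alias target: runs in the master, so every argument is untrusted text.
proc sessionload::create {class name args} {
    variable allowed
    variable restored
    if {![dict exists $allowed $class]} {
        error "class not allowed: $class"
    }
    if {![regexp {^[a-z][a-z0-9_]{0,31}$} $name]} {
        error "bad object name"
    }
    if {[llength $args] % 2} { error "fields must be name/value pairs" }
    foreach {field value} $args {
        if {$field ni [dict get $allowed $class]} {
            error "field not allowed: $class.$field"
        }
        if {[string length $value] > 1024} { error "value too long" }
    }
    dict set restored $name [list class $class fields $args]
    return
}

# Evaluate session text in a safe interp: no open, exec, socket or source,
# and a command-count limit so a looping script cannot hang the server.
proc sessionload::restore {script} {
    variable restored {}
    set slave [interp create -safe]
    $slave alias sessionObject ::sessionload::create
    interp limit $slave command -value 1000
    set failed [catch {$slave eval $script} msg]
    interp delete $slave
    if {$failed} { set restored {}; error "session rejected: $msg" }
    return $restored
}

# Constructed session text; the master would read this from the session file.
set good {
    sessionObject User u1 name scott email scott@example.invalid
    sessionObject Cart c1 items {a b} total 12
}
puts [sessionload::restore $good]
set tampered {sessionObject User u1 name scott; open /etc/passwd}
if {[catch {sessionload::restore $tampered} err]} { puts $err }
```

Only the one alias needs to be exposed, rather than every constructor, because the alias receives the class name as data and decides in the master what may be created.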