Request for Improvement (with patch): non-interning keyword lookup

[Brian Hurt]

Hi.  At work we have a need for the ability to do a non-interning keyword lookup.  Basically, we're getting data from the outside world that is sending us keywords.  What we're afraid of is a DOS attack where a client sends us a whole bunch of garbage keywords which we then intern, sucking down all of our memory.  On the other hand, maintaining a white list of known-good keywords is annoying and error prone.  So what we want is a function that, given a string, returns the keyword of the string if that keyword has already been interned, or nil if it hasn't (and don't intern the new keyword).  That way we bounce requests that use keywords we don't understand and don't run the risk of a DOS attack.

So what I'd like to add is a couple of small functions to the Keyword class- please see the attached diff.  I don't think that Clojure wrapper functions are necessary.  In the odd corner case these functions are necessary, the extra overhead of importing clojure.lang Keyword and calling the functions directly is not onerous.

Brian

[Mark Engelberg]

Why do you need to alter the keyword class? It seems from your
description like you can just deal with this easily enough in your own
client code.

Can't you just maintain a set of allowable strings, and then write a
function which takes the incoming string and checks it against the set
of allowable strings before converting it to a keyword?

[Brian Hurt]

Yeah, we could- in fact, that was how the code was originally written.  It turned into a serious maintenance pain, keeping the list of allowed keywords up to date.  When the main thing we really just wanted was just protection from a DOS attack, where a client causes us to intern a bunch of junk keywords.

Brian

[Mark Engelberg]

Ah, I see. Thanks for the clarification.

[Rich Hickey]

Ok by me. I would like a Clojure wrapper - find-keyword.

Please create an Assembla ticket and attach the patch to that.

Thanks,

Rich