Hi all, I am thinking about a potential architecture for a webapp where in the server gets s expressions posted from an ajax web client.
>From a security standpoint, the s expressions are coming from an untrusted computer, and thus are in need of careful vetting. With my java dev hat on, i'd move forward by building a lexer, a parser, and a tree walker to interpret the incoming datastream, with careful consideration to the various potential attacks a malicious user can submit. I understand the lisp way is to use the reader plus macros to interpret the incoming data stream. This is hella cool in that it seriously cuts down on the amount of development work I have to do. The reader is already done, and using macros to build the tree walker? And have them applied to a stm core? Very lightweight in comparison to what I'd do traditionally. Very cool. My concern is, what are the security considerations of this architectural choice? Do I have to worry about people submitting malformed s expressions? Submitting s expressions that contain data that expands out reader macros? Do I have to watch for any particular bad code practices in constructing the macros? How do I go about error recovery and reporting on bad input? Thanks in advance. -- Brett Morgan http://brett.morgan.googlepages.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/clojure?hl=en -~----------~----~----~----~------~----~------~--~---
