Friend + Shoreleave's CSRF protection gets you most of the way there. The rest is up to you (iptables, ssh lock down, etc).
Paul On Tuesday, February 26, 2013 9:30:18 AM UTC-8, Akhil Wali wrote: > > Here's a good > screencast<http://www.clojurewebdevelopment.com/videos/friend-interactive-form>to > give you a quick tutorial. > > > On Tue, Feb 26, 2013 at 10:57 PM, Akhil Wali <akhil....@gmail.com<javascript:> > > wrote: > >> Checkout cemrick/friend <https://github.com/cemerick/friend>. It handles >> authentication as ring middleware. >> >> >> >> On Tue, Feb 26, 2013 at 9:54 PM, Ari <ari.bran...@gmail.com <javascript:> >> > wrote: >> >>> Hi, >>> >>> I'd appreciate suggestions on how I can/should secure my >>> clojure/clojurescript "single page web" app that relies heavily on >>> shoreleave-remote. With other frameworks, upon authentication I've created >>> a "roles" cookie that the clientside uses to determine access rights to >>> views, while on the serverside I use a "roles" session variable to >>> determine access rights to GET/POST data. But Shoreleave side-steps the >>> serverside authentication/authorization (via friend), so I'm not sure how >>> to proceed. >>> >>> Thanks. >>> >>> -Ari >>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Clojure" group. >>> To post to this group, send email to clo...@googlegroups.com<javascript:> >>> Note that posts from new members are moderated - please be patient with >>> your first post. >>> To unsubscribe from this group, send email to >>> clojure+u...@googlegroups.com <javascript:> >>> For more options, visit this group at >>> http://groups.google.com/group/clojure?hl=en >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Clojure" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to clojure+u...@googlegroups.com <javascript:>. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> >> >> >> >> -- >> Akhil Wali >> >> # http://github.com/darth10 <https://github.com/darth10> >> # http://darth10.github.com >> >> > > > -- > Akhil Wali > > # http://github.com/darth10 <https://github.com/darth10> > # http://darth10.github.com > > -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
