Hi Daniel,

I'm not an expert in security, but AFAIK this is not a problem. Every user 
input is a string and you choose how to parse it. There is an edn reader that 
is safe, but you can use specific parsers depending on the input. Of course, 
if you read and eval the string anything could happen, but nobody would do 
that.

Best,
mynomoto

On Tuesday, January 21, 2014 10:22:11 PM UTC-2, Daniel Compton wrote:
>
> I've been thinking for a while about what the security implications are 
> for a homoiconic language like Clojure where code is data and data is code. 
> What protections do you have against malicious input being automatically 
> evaluated by the reader? It seems like every user input would be a possible 
> case of 'Clojure injection'. Is this an issue or am I missing something 
> really obvious here?
>
> Thanks, Daniel.
>
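
The difference between the edn reader mentioned in the reply and clojure.core/read-string, as an added example that is not part of the original thread. The namespace, the function names parse-untrusted and core-read, and the sample strings are constructed for illustration.

```clojure
(ns example.untrusted-input
  (:require [clojure.edn :as edn]))

;; Constructed sample inputs standing in for strings received from a user.
(def samples
  ["{:user \"daniel\" :roles [:admin :dev]}"   ; ordinary data
   "(+ 1 2)"                                    ; looks like code, is a list
   "#=(+ 1 2)"])                                ; reader-eval syntax

(defn parse-untrusted
  "Reads one edn value from s. Returns {:ok value} or {:error message}.
  clojure.edn has no reader-eval dispatch, so nothing is ever evaluated."
  [s]
  (try
    {:ok (edn/read-string s)}
    (catch Exception e
      {:error (.getMessage e)})))

(defn core-read
  "clojure.core/read-string under an explicit *read-eval* setting,
  shown only for comparison with the edn reader."
  [read-eval? s]
  (binding [*read-eval* read-eval?]
    (try
      {:ok (read-string s)}
      (catch Exception e
        {:error (.getMessage e)}))))

(doseq [s samples]
  (println "input:" (pr-str s))
  ;; Data comes back as data: the list is returned unevaluated and the
  ;; #= form is rejected with an error.
  (println "  edn/read-string:    " (pr-str (parse-untrusted s)))
  ;; With *read-eval* true (the default) the #= form is evaluated while
  ;; the string is being read, before any explicit call to eval.
  (println "  core, read-eval on: " (pr-str (core-read true s)))
  ;; With *read-eval* false the core reader refuses the #= form.
  (println "  core, read-eval off:" (pr-str (core-read false s))))
```

The docstring of clojure.core/read-string itself says it should not be used on untrusted data and points to clojure.edn/read-string for that purpose.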
