Hi Daniel, I'm not an expert in security but AFAIK this is not a problem. Every user input is a string and you chose how to parse it. There is a edn reader that is safe, but you can use specific parsers depending on the input. Of course if you read and eval the string anything could happen, but nobody would do that.
Best, mynomoto On Tuesday, January 21, 2014 10:22:11 PM UTC-2, Daniel Compton wrote: > > I've been thinking for a while about what the security implications are > for a homoiconic language like Clojure where code is data and data is code. > What protections do you have against malicious input being automatically > evaluated by the reader? It seems like every user input would be a possible > case of 'Clojure injection'. Is this an issue or am I missing something > really obvious here? > > Thanks, Daniel. > -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
