Your last statement is incomplete. It all depends on trust. We do eval at runtime of code and data w/o edn but we know it comes from a secured source.

Doing such a thing from an unsecured alien source would "potentially" look insane. Let's not presume about the insanity of the designer w/o some deeper analysis :)))

Luc P.

> Hi Daniel,
>
> I'm not an expert in security but AFAIK this is not a problem. Every user
> input is a string and you choose how to parse it. There is an edn reader that
> is safe, but you can use specific parsers depending on the input. Of course
> if you read and eval the string anything could happen, but nobody would do
> that.
>
> Best,
> mynomoto
>
> On Tuesday, January 21, 2014 10:22:11 PM UTC-2, Daniel Compton wrote:
> >
> > I've been thinking for a while about what the security implications are
> > for a homoiconic language like Clojure where code is data and data is code.
> > What protections do you have against malicious input being automatically
> > evaluated by the reader? It seems like every user input would be a possible
> > case of 'Clojure injection'. Is this an issue or am I missing something
> > really obvious here?
> >
> > Thanks, Daniel.
> >
>
> --
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clojure@googlegroups.com
> Note that posts from new members are moderated - please be patient with your
> first post.
> To unsubscribe from this group, send email to
> clojure+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to clojure+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>

--
Luc Prefontaine<lprefonta...@softaddicts.ca> sent by ibisMail!
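Added example, not part of the original thread or written by any of its posters: the distinction discussed above between the edn reader, the core reader and read-then-eval, shown in Clojure. The namespace, function names and sample strings are constructed for illustration.

```clojure
(ns example.untrusted-input
  (:require [clojure.edn :as edn]))

;; Constructed sample inputs standing in for strings received from a user.
(def benign-input "{:user \"daniel\" :roles [:reader]}")
(def list-input "(+ 1 2)")
;; #= is the core reader's read-eval dispatch; harmless arithmetic is used here.
(def read-eval-input "#=(+ 1 2)")

(defn attempt
  "Call f on s and return {:ok value}, or {:error message} if it throws."
  [f s]
  (try
    {:ok (f s)}
    (catch Exception e
      {:error (.getMessage e)})))

(defn core-read
  "clojure.core/read-string with *read-eval* bound explicitly."
  [read-eval? s]
  (binding [*read-eval* read-eval?]
    (read-string s)))

(defn -main [& _]
  ;; The edn reader only builds data: maps, vectors, keywords, strings...
  (println "edn, map:       " (attempt edn/read-string benign-input))
  ;; ...and a list stays a list of a symbol and two numbers; nothing is called.
  (println "edn, list:      " (attempt edn/read-string list-input))
  ;; The edn reader has no #= dispatch, so this input is rejected.
  (println "edn, #=:        " (attempt edn/read-string read-eval-input))
  ;; The core reader with *read-eval* true (the default) evaluates the form
  ;; while reading, before any call to eval.
  (println "core, eval on:  " (attempt (partial core-read true) read-eval-input))
  ;; With *read-eval* false the core reader refuses the same input.
  (println "core, eval off: " (attempt (partial core-read false) read-eval-input))
  ;; A safe reader does not make eval safe: evaluating what was read runs it.
  ;; This is only acceptable for input from a trusted source.
  (println "edn then eval:  " (attempt (comp eval edn/read-string) list-input)))

(-main)
```

For untrusted strings, `clojure.edn/read-string` is the reader to use; `clojure.core/read-string` is documented as being for trusted sources only.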