Sorry Luc P., you are right. I meant that people wouldn't do that without a good reason, but it was not what I wrote.

On Wednesday, January 22, 2014 3:10:27 AM UTC-2, Luc wrote:
>
> Your last statement is incomplete.
>
> It all depends on trust. We do eval at runtime of code and data w/o edn
> but we know it comes from a secured source.
>
> Doing such a thing from an unsecured alien source would "potentially" look
> insane. Let's not presume about the insanity of the designer w/o some
> deeper analysis :)))
>
> Luc P.
>
> > Hi Daniel,
> >
> > I'm not an expert in security but AFAIK this is not a problem. Every user
> > input is a string and you choose how to parse it. There is an edn reader
> > that is safe, but you can use specific parsers depending on the input. Of
> > course if you read and eval the string anything could happen, but nobody
> > would do that.
> >
> > Best,
> > mynomoto
> >
> > On Tuesday, January 21, 2014 10:22:11 PM UTC-2, Daniel Compton wrote:
> > >
> > > I've been thinking for a while about what the security implications are
> > > for a homoiconic language like Clojure where code is data and data is
> > > code. What protections do you have against malicious input being
> > > automatically evaluated by the reader? It seems like every user input
> > > would be a possible case of 'Clojure injection'. Is this an issue or am
> > > I missing something really obvious here?
> > >
> > > Thanks, Daniel.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Clojure" group.
> > To post to this group, send email to clo...@googlegroups.com
> > Note that posts from new members are moderated - please be patient with your first post.
> > To unsubscribe from this group, send email to clojure+u...@googlegroups.com
> > For more options, visit this group at http://groups.google.com/group/clojure?hl=en
> > ---
> > You received this message because you are subscribed to the Google Groups "Clojure" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to clojure+u...@googlegroups.com.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> Luc Prefontaine<lprefo...@softaddicts.ca> sent by ibisMail!
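
The distinction the thread draws between the edn reader and reading with evaluation can be seen by running both readers over the same strings. This is an added example, not code from any poster in the thread; the namespace, function names and sample inputs are hypothetical and constructed for illustration. The edn reader rejects the `#=` form, while `clojure.core/read-string` evaluates it unless `*read-eval*` is bound to false.

```clojure
(ns example.untrusted-input
  (:require [clojure.edn :as edn]))

;; Constructed sample inputs (not taken from the thread).
(def samples
  ["{:user \"daniel\" :roles [:admin]}"   ; plain data
   "#=(+ 1 2)"                            ; read-eval reader macro, harmless arithmetic
   "#unknown/tag {:a 1}"])                ; tagged literal with no registered reader

(defn parse-untrusted
  "Reads s as edn data only. Returns [:ok value] or [:rejected reason].
  Note: only the first form in s is read; anything after it is ignored."
  [s]
  (try
    [:ok (edn/read-string s)]
    (catch Exception e
      [:rejected (.getMessage e)])))

(defn parse-with-core-reader
  "Reads s with clojure.core/read-string, for comparison only.
  The core reader honours *read-eval* and is meant for trusted sources."
  [s]
  (try
    [:ok (read-string s)]
    (catch Exception e
      [:rejected (.getMessage e)])))

(defn compare-readers
  "Returns one map per sample showing how each reader treated the input."
  [inputs]
  (for [s inputs]
    {:input             s
     :edn               (parse-untrusted s)
     :core              (parse-with-core-reader s)
     :core-no-read-eval (binding [*read-eval* false]
                          (parse-with-core-reader s))}))

;; Print the comparison when the file is loaded at a REPL.
(doseq [row (compare-readers samples)]
  (prn row))
```

Even with the edn reader, the parsed value is still attacker-chosen data, so validate its shape (expected keys, types, sizes) before using it.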