We have been delivering our software AOT compiled for more than a year,
roughly.
We never disabled read-eval...
We are sending messages serialized in Clojure on our message bus in our next
release instead of serializing with YAML.
We do however encrypt it and most of that traffic is concealed w
...and the moment I hit send I remembered that in a language like Clojure -
read/eval is the only way to get code in the running system, unless you're
using AOT classes, and turning that off would be essentially turning off Clojure.
On 24/07/2011, at 12:04 AM, Mark Derricutt wrote:
> IMHO *read-
IMHO *read-eval* should ONLY ever be true -IF- you're using a REPL. Having
that on by default feels very insecure.
And whilst code is data, and would be great to pass around, that's awesome when
you're in a position to trust both ends of the system - but in the world of
browsers and JavaScript
The fact that "Read" and "Eval" are separate steps is fundamental here. The
ClojureScript reader does not eval, and the Clojure reader gives you the knobs
you need to do what you want.
Stu
> ...and immediately a new attack vector is born with Clojure structure
> injection attacks...
>
> I so
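
The separation between reading and evaluating described in the message above, as an added example that is not part of the original thread: reading a message-bus payload with and without reader-time evaluation. The names `read-with-core-reader` and `decode-message` and the sample payloads are constructed for illustration, and `clojure.edn` is an assumption about the runtime (it shipped in Clojure 1.5, after this thread was written).

```clojure
(ns example.safe-read
  (:require [clojure.edn :as edn]))

;; Constructed sample payloads, as they might arrive off a message bus.
(def plain-payload "{:op :transfer, :amount 100}")
;; #= is the reader-eval dispatch form: the reader itself evaluates the
;; following form while *read-eval* is true. The form here is harmless.
(def eval-payload "{:op :transfer, :amount #=(+ 1 2)}")

(defn read-with-core-reader
  "Reads s with clojure.core/read-string under the given *read-eval* value.
  Returns the data, or [:rejected message] if the reader refuses."
  [read-eval? s]
  (try
    (binding [*read-eval* read-eval?]
      (read-string s))
    (catch RuntimeException e
      [:rejected (.getMessage e)])))

(defn decode-message
  "Hypothetical decoder for untrusted input: clojure.edn/read-string has no
  reader-eval at all, and unknown tagged literals are rejected by default."
  [s]
  (try
    (let [msg (edn/read-string s)]
      (if (map? msg) msg [:rejected "payload is not a map"]))
    (catch RuntimeException e
      [:rejected (.getMessage e)])))

(defn -main [& _]
  ;; *read-eval* true (the default): the sender's form runs inside the reader.
  (println (read-with-core-reader true eval-payload))
  ;; Knob turned off: the same payload is refused, plain data still reads.
  (println (read-with-core-reader false eval-payload))
  (println (read-with-core-reader false plain-payload))
  ;; EDN reader: data only.
  (println (decode-message eval-payload))
  (println (decode-message plain-payload)))
```
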
On Sat, 2011-07-23 at 03:03 -0700, Jozef Wagner wrote:
> That's why *read-eval* should IMHO default to false. Does anybody know the
> reason why it doesn't?
-1
>
> On Saturday, July 23, 2011 10:35:40 AM UTC+2, Mark Derricutt wrote:
> ...and immediately a new attack vector is born with Clojur
That's why *read-eval* should IMHO default to false. Does anybody know the
reason why it doesn't?
On Saturday, July 23, 2011 10:35:40 AM UTC+2, Mark Derricutt wrote:
>
> ...and immediately a new attack vector is born with Clojure structure
> injection attacks...
>
> I so hope people don't start pass
...and immediately a new attack vector is born with Clojure structure injection
attacks...
I so hope people don't start passing executable clojure back and forth.
On 23/07/2011, at 7:54 PM, Jozef Wagner wrote:
> Clojure can run on top of JVM, CLR and JavaScript VM. Clojure data structures
> ca