Re: Securing Clojure + Clojurescript Web App

2013-04-01 Thread albert cortez
Sorry if my comment about ajax was confusing. I actually meant the same thing as the original poster. I have a single page application which load everything over an initial route in compojure. Everything after that is done with your wonderful libraries shoreleave-ring/shoreleave-remote together

Re: Securing Clojure + Clojurescript Web App

2013-04-01 Thread Chas Emerick
I think different people are asking different questions here. Authenticating via an XHR or similar is very straightforward if you are using a single-step authentication method like the username/password interactive workflow. Just POST to the right URL with username/password data, and carry on

Re: Securing Clojure + Clojurescript Web App

2013-04-01 Thread albert cortez
In the same boat here. Trying to make a SPA and now am trying to figure out the easiest way to have ajax authentification. On Tuesday, February 26, 2013 5:24:09 PM UTC+1, Ari wrote: > > Hi, > > I'd appreciate suggestions on how I can/should secure my > clojure/clojurescript "single page web" app

Re: Securing Clojure + Clojurescript Web App

2013-04-01 Thread Kevin Albrecht
I have the same question as you. Did you ever find an answer, Ari? -Kevin Den fredagen den 1:e mars 2013 kl. 15:36:45 UTC+1 skrev Ari: > > > > On Tuesday, February 26, 2013 8:54:19 PM UTC-5, Ari wrote: >> >> On Tuesday, February 26, 2013 3:16:23 PM UTC-5, Chas Emerick wrote: >> >> >>> What do yo

Re: Securing Clojure + Clojurescript Web App

2013-03-01 Thread Ari
On Tuesday, February 26, 2013 8:54:19 PM UTC-5, Ari wrote: > > On Tuesday, February 26, 2013 3:16:23 PM UTC-5, Chas Emerick wrote: > > >> What do you mean by "sidesteps the auth"? If you're using >> shoreleave-remote-ring, then the handler produced by its wrap-rpc >> middleware is subject to

Re: Securing Clojure + Clojurescript Web App

2013-02-26 Thread Ari
On Tuesday, February 26, 2013 3:16:23 PM UTC-5, Chas Emerick wrote: > What do you mean by "sidesteps the auth"? If you're using > shoreleave-remote-ring, then the handler produced by its wrap-rpc > middleware is subject to whatever access controls you define via Friend. > - Chas Friend, a

Re: Securing Clojure + Clojurescript Web App

2013-02-26 Thread Chas Emerick
On Feb 26, 2013, at 11:24 AM, Ari wrote: > Hi, > > I'd appreciate suggestions on how I can/should secure my > clojure/clojurescript "single page web" app that relies heavily on > shoreleave-remote. With other frameworks, upon authentication I've created a > "roles" cookie that the clientside

Re: Securing Clojure + Clojurescript Web App

2013-02-26 Thread Paul deGrandis
Friend + Shoreleave's CSRF protection gets you most of the way there. The rest is up to you (iptables, ssh lock down, etc). Paul On Tuesday, February 26, 2013 9:30:18 AM UTC-8, Akhil Wali wrote: > > Here's a good > screencast

Re: Securing Clojure + Clojurescript Web App

2013-02-26 Thread Akhil Wali
Here's a good screencastto give you a quick tutorial. On Tue, Feb 26, 2013 at 10:57 PM, Akhil Wali wrote: > Checkout cemrick/friend . It handles > authentication as ring middleware. > > > >

Re: Securing Clojure + Clojurescript Web App

2013-02-26 Thread Akhil Wali
Checkout cemrick/friend . It handles authentication as ring middleware. On Tue, Feb 26, 2013 at 9:54 PM, Ari wrote: > Hi, > > I'd appreciate suggestions on how I can/should secure my > clojure/clojurescript "single page web" app that relies heavily on > shor

Securing Clojure + Clojurescript Web App

2013-02-26 Thread Ari
Hi, I'd appreciate suggestions on how I can/should secure my clojure/clojurescript "single page web" app that relies heavily on shoreleave-remote. With other frameworks, upon authentication I've created a "roles" cookie that the clientside uses to determine access rights to views, while on the