On Feb 26, 2013, at 11:24 AM, Ari wrote: > Hi, > > I'd appreciate suggestions on how I can/should secure my > clojure/clojurescript "single page web" app that relies heavily on > shoreleave-remote. With other frameworks, upon authentication I've created a > "roles" cookie that the clientside uses to determine access rights to views, > while on the serverside I use a "roles" session variable to determine access > rights to GET/POST data. But Shoreleave side-steps the serverside > authentication/authorization (via friend), so I'm not sure how to proceed.
What do you mean by "sidesteps the auth"? If you're using shoreleave-remote-ring, then the handler produced by its wrap-rpc middleware is subject to whatever access controls you define via Friend. - Chas -- -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
