Just joking :)
There are a bunch of "golden rules" that I violate on a regular basis for good reasons.

With some satisfaction I have to confess.

When you have a multi-purpose tool in your hands that you can bend to almost any use, it's hard to be restrained by taboos :)

Luc P.




> Sorry Luc P., you are right.
> I meant that people wouldn't do that without a good reason, but it was not 
> what I wrote.
> 
> On Wednesday, January 22, 2014 3:10:27 AM UTC-2, Luc wrote:
> >
> > Your last statement is incomplete. 
> >
> > It all depends on trust. We do eval at runtime of code and data w/o edn
> > but we know it comes from a secured source.
> >
> > Doing such a thing from an unsecured alien source would "potentially" look
> > insane. Let's not presume about the insanity of the designer w/o some
> > deeper analysis :)))
> >
> > Luc P. 
> >
> > > Hi Daniel, 
> > > 
> > > I'm not an expert in security but AFAIK this is not a problem. Every user
> > > input is a string and you choose how to parse it. There is an edn reader that
> > > is safe, but you can use specific parsers depending on the input. Of course
> > > if you read and eval the string anything could happen, but nobody would do
> > > that.
> > > 
> > > Best, 
> > > mynomoto 
> > > 
> > > On Tuesday, January 21, 2014 10:22:11 PM UTC-2, Daniel Compton wrote: 
> > > > 
> > > > I've been thinking for a while about what the security implications are
> > > > for a homoiconic language like Clojure where code is data and data is code.
> > > > What protections do you have against malicious input being automatically
> > > > evaluated by the reader? It seems like every user input would be a possible
> > > > case of 'Clojure injection'. Is this an issue or am I missing something
> > > > really obvious here?
> > > > 
> > > > Thanks, Daniel. 
> > > > 
> > > 
> > > -- 
> > > -- 
> > > You received this message because you are subscribed to the Google
> > > Groups "Clojure" group.
> > > To post to this group, send email to clo...@googlegroups.com
> > > Note that posts from new members are moderated - please be patient with
> > > your first post.
> > > To unsubscribe from this group, send email to
> > > clojure+u...@googlegroups.com
> > > For more options, visit this group at
> > > http://groups.google.com/group/clojure?hl=en
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "Clojure" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> > > an email to clojure+u...@googlegroups.com.
> > > For more options, visit https://groups.google.com/groups/opt_out.
> > >
> > --
> > Luc Prefontaine<lprefo...@softaddicts.ca> sent by ibisMail!
> >
> 
--
Luc Prefontaine<lprefonta...@softaddicts.ca> sent by ibisMail!
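
The distinction drawn in this thread (reading input as data with the edn reader versus reading it as code), as an added example that is not part of the original messages. The namespace, the sample inputs and the `valid-request?` shape check are assumptions made for illustration.

```clojure
(ns example.untrusted-input
  (:require [clojure.edn :as edn]))

;; Constructed sample inputs (not from the thread).
(def samples
  ["{:user \"daniel\" :limit 10}"   ; plain data
   "(println \"hello\")"             ; a list: read as data, never called
   "#=(+ 1 2)"                       ; read-time evaluation form
   "#example/thing {:a 1}"])         ; tag with no registered reader

(defn attempt
  "Calls (read-fn s); returns [:ok value] or [:rejected message]."
  [read-fn s]
  (try
    [:ok (read-fn s)]
    (catch Exception e
      [:rejected (.getMessage e)])))

(defn read-as-edn
  "Reader for untrusted text: clojure.edn has no eval form and rejects
  tags that have no registered reader."
  [s]
  (attempt edn/read-string s))

(defn read-as-code
  "clojure.core/read-string with *read-eval* bound explicitly. With true,
  a #= form runs while the string is being read; with false it is refused.
  Only suitable for text from a source you control."
  [read-eval? s]
  (binding [*read-eval* read-eval?]
    (attempt read-string s)))

(defn valid-request?
  "Hypothetical shape check applied after reading: parsing as data is only
  the first step, the value still has to be what the application expects."
  [v]
  (and (map? v)
       (= #{:user :limit} (set (keys v)))
       (string? (:user v))
       (integer? (:limit v))
       (<= 1 (:limit v) 100)))

(doseq [s samples]
  (let [[status v :as result] (read-as-edn s)]
    (println (pr-str s))
    (println "  edn reader:         " (pr-str result)
             (if (and (= :ok status) (valid-request? v)) "accepted" "refused"))
    (println "  core, read-eval on: " (pr-str (read-as-code true s)))
    (println "  core, read-eval off:" (pr-str (read-as-code false s)))))
```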
