tools.namespace.repl refresh is trying to refresh test dependencies we don't need

[Christopher Poile]

Hi all,

clojure.tools.namespace.repl/refresh tries to load (and run) the test files 
from a dependent project and, since we don't use midje on the main project, 
it fails when it can't find midje on the classpath. The dependent project 
is a symlink in the checkouts directory, and that project depends on midje 
in its :dev profile. I am starting the repl through cider-jack-in, and the 
:dev profile is active in the main project, but from reading the lein docs 
it seems that maybe the :dev profile isn't being activated for the 
dependent project?

I could add midje as a depency in my main project (which is what I'm doing 
now to stop the error), but is there a better way to fix this?
Thanks to anyone who can help solve this.

Chris.

-- 
You received this message because you are subscribed to the Google
Groups Clojure group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
Clojure group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Help a Startup use Clojure!

[Christopher Poile]

Jarrod,
The book Clojure 
Programminghttp://www.amazon.com/Clojure-Programming-Chas-Emerick-ebook/dp/B007Q4T040has
 a chapter (19) dedicated to your very question. I think the most 
important piece of advice is Be Prudent by choosing where Clojure fits 
and by starting slow. Try to find small self-contained problems and solve 
them. This will demonstrate the language's usefulness far better than any 
logical argument could.

On Tuesday, March 11, 2014 3:31:43 PM UTC-6, Jarrod Swart wrote:

 Gary, 

 Thanks for your observations.  I agree it doesn't necessarily have to be 
 all or nothing.  I'm hoping to get as much as possible insight before I 
 present to the founders.


-- 
You received this message because you are subscribed to the Google
Groups Clojure group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
Clojure group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Compiling Clojure security knowledge

[Christopher Poile]

On Monday, September 2, 2013 8:10:10 PM UTC-6, Nelson Morris wrote:


 

 Several of Yesod's responses to other items on the list are humorous in 
 there vagueness, but in my experience for clojure:

 1.Injection:   Done by JDBC's prepared statements, and clojure.jdbc's use 
 of them
 2. XSS injection:   Depends on templating.  Hiccup requires explicit `(h 
 ..)` calls.  laser is escape by default.  I am unsure about enlive, 
 clabango, or others.
 3. Authentication  Session Management:  I've used friend for 
 authentication, and bcrypt for encryption.  lib-noir has some functions 
 that use bcrypt, but I've not used it. Session management can be specified 
 by the :store given to wrap-session, and defaults to a in memory store.  A 
 cookie store also exists that provides some protection against cookie 
 mutation.  Immutant provides a store that can work across a cluster.
 4. Insecure Reference:  There is not a standard ORM or similar, so 
 handling only the correct parameters is up to you.
 5. CSRF:  ring-anti-forgery provides a way to add CSRF prevention tokens
 6. Security Misconfiguration: This seems to be the domain of chef, pallet, 
 puppet, capistrano or another deployment tool.  I'm not sure I want my 
 libraries to mess with deployments.
 7. Insecure Cryptographic Storage: Use bcrypt. See 3.
 8. Failure to Restrict URL access: I've used friend for authorization.
 9. Insufficient Transport Layer Protection: I'd recommend letting your 
 front end server handle this and redirect to https.  I believe lib-noir has 
 a middleware that will redirect from http to https if needed. Consider 
 passing `:secure true` to `wrap-cookies` if you have an https only site.
 10. Unvalidated Redirects and Forwards: Url generation is a weakspot in a 
 compojure based setup. For comparison, pedestal-service wrote its own 
 routing dsl and stores the routes in a way that allows url generation based 
 on the context passed in.

 I believe the use of many small libraries is what causes the lack of a 
 single spot for this documentation. I've picked up most of what I described 
 above by knowing the authors / what to google / asking + watching irc. 
  That does seem like an unfortunate situation for anyone new to have to 
 learn.

 -
 Nelson Morris


Thank you to Nelson for compiling this list. Since it was posted a number 
of months ago, has anyone recently written or stumbled over a go-to site 
for security in Clojure web/non-web apps? The clojure-sec group seems to be 
dead, but let me know if we should take the thread over there.

-
Christopher Poile

-- 
You received this message because you are subscribed to the Google
Groups Clojure group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
Clojure group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.