On 17 June 2015 at 09:51, Thomas Heller th.hel...@gmail.com wrote:
On another note: Sessions in cookies should be VERY VERY small.
java.io.Serializable usually isn't small and especially if you go java
object - binary - base64 - base64 (yes twice) - encrypt. The size of
the cookie matters as
On 18 June 2015 at 00:54, Thomas Heller i...@zilence.net wrote:
On Wed, Jun 17, 2015 at 9:50 PM, James Reeves ja...@booleanknot.com
wrote:
On 17 June 2015 at 09:51, Thomas Heller th.hel...@gmail.com wrote:
On another note: Sessions in cookies should be VERY VERY small.
On Wed, Jun 17, 2015 at 9:50 PM, James Reeves ja...@booleanknot.com wrote:
On 17 June 2015 at 09:51, Thomas Heller th.hel...@gmail.com wrote:
On another note: Sessions in cookies should be VERY VERY small.
java.io.Serializable usually isn't small and especially if you go java
object - binary
Altering root vars is a bit of an annoying hack but it's the only way I've
found so far to be fully transparent with already-existing code and
libraries.
For anyone who needs Java serialization support I've wrapped all of this up
into a simple library, which can be found
here:
From glancing at the source, I think you should be able to do what you want
with clojure.core/*data-readers* and/or
clojure.core/*default-data-readers-fn*.
http://clojure.github.io/clojure/clojure.core-api.html#clojure.core/*data-readers*
It is not clearly documented that the edn reader checks
Hey,
the issue is not in clojure.core. It is with ring in this case, it uses
clojure.tools.reader.edn/read-string which supports an optional {:readers
{...}} argument but there is no way to specify those in ring. Should be a
fairly simple fix though, doing anything to clojure.edn won't help as
On Wednesday, June 17, 2015 at 4:52:00 AM UTC-4, Thomas Heller wrote:
Hey,
the issue is not in clojure.core. It is with ring in this case, it uses
clojure.tools.reader.edn/read-string which supports an optional {:readers
{...}} argument but there is no way to specify those in ring. Should
Let's not get into the motivation behind this too much -- the exact same
serialization problems exist if you write out the session to a database.
Ring also encrypts the cookies so the above issue is not a problem, it's
only on you to actually choose and protect your encryption key.
I came
Well, the exact same serialization problems do not exist with a database
because size doesn't matter so much. Security does matter more also because
of replay attacks, it is not just about keeping your key secret. Anyways,
that was meant as a warning.
I don't agree with the alterable var
I've been working on a Ring app that involves storing sessions as cookies,
and within the session there are a couple Java objects that implement
java.io.Serializable. I was somewhat surprised to find that the print-dup
multimethod didn't have native support for Java Serializables, though I can