- Subject: Re: [ANN] Reactive Server Pages
- From: Henk Boom <henk@...>
- Date: Thu, 5 Aug 2010 18:05:51 -0400
On 5 August 2010 17:18, Chris Babcock <cbabcock@asciiking.com> wrote:
> On Thu, Aug 5, 2010 at 2:06 PM, Henk Boom <henk@henk.ca> wrote:
>> It seems that the user can change any internal variables of the
>> application by modifying the URL, which seems like it could be a
>> security concern in some cases. Is there a way of preventing that?
>
> Like any web application, you still have to validate the user data.
> You keep your internal variables separate from the user variables and
> only load the user values into the *real* variables when they are
> in bounds. That's a fairly common source of bugs in web apps written by
> programmers whose experience is mostly on the desktop.
I agree. My concern is that every variable marked as reactive is
automatically and transparently modifiable by the user.
henk
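The separation Chris describes, as an added illustration that is not Reactive Server Pages code: a page state where every variable is bound from the URL (the concern Henk raises) next to a binder that loads only allow-listed, validated fields. The state keys, validators and `USER_FIELDS` table are all constructed for this example.

```python
from urllib.parse import parse_qs

# Constructed page state: some variables are meant to be user-settable
# (page, query), others are internal (is_admin, user_id).
INITIAL_STATE = {"page": 1, "query": "", "is_admin": False, "user_id": 42}

def bind_all(state, url_query):
    """The risk: every state variable is overwritten from the URL, untyped."""
    new_state = dict(state)
    for key, values in parse_qs(url_query).items():
        if key in new_state:
            new_state[key] = values[-1]  # internal flags become user-controlled strings
    return new_state

# Hardened form: declare which variables a user may set and how each is checked.
def positive_int(value):
    n = int(value)  # raises ValueError on non-numeric input
    if n < 1:
        raise ValueError("must be >= 1")
    return n

def short_text(value):
    if len(value) > 100:
        raise ValueError("too long")
    return value

USER_FIELDS = {"page": positive_int, "query": short_text}

def bind_allowed(state, url_query):
    """Copy only allow-listed parameters into the real state, after validation.

    Returns the new state and the list of parameter names that were rejected,
    which is worth logging: unexpected names are a signal of tampering.
    """
    new_state = dict(state)
    rejected = []
    for key, values in parse_qs(url_query).items():
        validator = USER_FIELDS.get(key)
        if validator is None:
            rejected.append(key)  # internal variable or unknown name: never bound
            continue
        try:
            new_state[key] = validator(values[-1])
        except ValueError:
            rejected.append(key)  # out-of-bounds value: keep the existing state
    return new_state, rejected
```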