This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-10-09
Channels
- # announcements (23)
- # asami (25)
- # babashka (38)
- # beginners (53)
- # calva (17)
- # clara (5)
- # clj-commons (1)
- # clj-kondo (18)
- # clojure (11)
- # clojure-europe (17)
- # clojure-france (1)
- # clojure-germany (5)
- # clojure-nl (2)
- # clojure-sg (4)
- # conjure (3)
- # deps-new (6)
- # fulcro (16)
- # off-topic (46)
- # pedestal (11)
- # react (2)
- # reagent (5)
- # reclojure (7)
- # rewrite-clj (1)
- # sci (18)
- # shadow-cljs (75)
- # sql (3)
- # xtdb (12)
I’ve been looking at remove-ns
and load-file
as suggested in https://github.com/cerner/clara-rules/issues/40 for allowing clients to write rules - I’m worried though that this is very insecure, as both load-file
and triggering the rules can execute arbitrary code.
Anyone solved this already? Using a security manager? (This is the context behind this thread: https://clojurians.slack.com/archives/C053AK3F9/p1633691822450600)
We might define a DSL, would perhaps be a simpler way to make it hot reload without running untrusted code.
@robert511 rules and query constructs can be directly passed in a collection to make a session