#clojure-spec
2021-08-05
dgb23 00:08:57

Instead of making parsing more performant (which is certainly a good thing), one can treat payload size and request frequency as separate problems and simply reject stuff that goes above a certain threshold respectively. In common, simple cases it’s enough to have sensible heuristics for each of those. At scale one likely needs statistical models. In other words, spec is concerned with analysing stuff that’s already read (parsed), so I would assume you put those kinds of checks before it.

emccue 00:08:40

@franco.gasperino

(mu/closed-schema [:map ["thing" :string] ["other" [:map ["thing" :int]]]])

emccue 00:08:12

you can join the malli dark side

dgb23 00:08:32

I talked a bit with a Googler who was working on systems that detect anomalous request patterns on the edges a couple of years ago, was quite fascinating.

dgb23 00:08:27

If a stranger keeps loudly knocking on your door with a big hammer, you don’t ask for their credentials, just call the police.

🙂 3
vemv 00:08:02

OTOH rolling out an ML-powered infrastructure sec thingy sounds like a 10x harder problem. Still one worth solving though.

dgb23 00:08:08

I shouldn’t have started to think about web security before going to bed…

vlaaad 19:08:20

(let [s (s/cat :cat? (s/? (s/cat :int int?)))]
  (s/unform s (s/conform s [1])))
=> ((1))
should be (1)

Franco Gasperino 20:08:39

@seancorfield @vemv @denis.baudinot Thanks for the discussion.

👋 3
🍻 3