This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-01-27
Channels
- # alda (21)
- # announcements (7)
- # beginners (70)
- # boot (95)
- # braid-chat (28)
- # bristol-clojurians (2)
- # cider (22)
- # clara (4)
- # cljsjs (13)
- # cljsrn (40)
- # clojure (93)
- # clojure-argentina (1)
- # clojure-art (1)
- # clojure-miami (3)
- # clojure-norway (1)
- # clojure-portugal (2)
- # clojure-russia (39)
- # clojure-sg (3)
- # clojurescript (25)
- # clojurian-chat-app (4)
- # community-development (5)
- # conf-proposals (20)
- # cursive (48)
- # datomic (39)
- # devcards (5)
- # dirac (4)
- # editors (2)
- # events (11)
- # funcool (65)
- # hoplon (95)
- # jobs (12)
- # ldnclj (4)
- # lein-figwheel (2)
- # leiningen (1)
- # om (311)
- # onyx (20)
- # philosophy (4)
- # proton (41)
- # re-frame (83)
- # reagent (49)
- # ring-swagger (3)
- # spacemacs (8)
- # yada (5)
More demos for hoplon: https://groups.google.com/forum/?hl=en#!topic/clojure/bR2JCXbUwYk
Hi all. I have a castra question:
I’ve been looking at the demos for castra-chat and castra-notify-chat, and I’m seeing these use *session*
for keeping track of a user’s session. Given that *session*
lives on the server, doesn’t changing that value change it for everyone?
Or maybe another way of approaching this question: how is the *session*
var supposed to be used?
@puzzler: yes, altho it has a dependency on javelin
@alandipert: Could you explain that dependency? It is exactly what I thought too, but I don't see it in castra build.boot https://raw.githubusercontent.com/hoplon/castra/master/build.boot
oh, i didn't realize - the dependency isn't explicit
mkremote
takes cell arguments but never constructs a cell, only calls reset! on existing ones
which is kind of cool because that means you could pass it atoms also
looking here - https://github.com/hoplon/castra/blob/master/src/castra/core.cljs#L113-L131
I'm getting an
clojure.lang.Compiler$CompilerException: java.lang.RuntimeException: No such var: ana/empty-state, compiling:(hoplon/boot_hoplon/refer.clj:22:9)
java.lang.RuntimeException: No such var: ana/empty-state
using hoplon 6-alpha11, boot-cljs 1.7.228-1 and clojure 1.7. Seems that some wrong tools.analyzer version is pulled. Is that a known issue?Hello! I have a problem with this @%
in form elements in IE.
The radio buttons works because I do not need to use @%
in click events. I can use @item
of a loop. But with a select, I seems I can't put click event on option element, so i can't use @selection
.
Context : the select must update a cell.
How can I achieve this?
much thanks in advance!
In short, this doesn't work in IE
(select
:change #(reset! cell @%) ...)
Anyone?
@leontalbot: you could probably use jquery methods in your change handler to get the value and update your cell
YES! I did
:change (fn [e] (reset! cell (.val (js/jQuery (.-target e)))))
and it works perfectly!Thanks @raywillig and also thanks to @alandipert for this article : http://hoplon.discoursehosting.net/t/hoplon-5-10-14-adds-deref-to-js-jquery-event-objects/221
@alandipert and @micha be aware that according to my tests on IE, this
:change #(reset! cell @%) ...)
doesn't workand good old
:change (fn [e] (reset! cell (.val (js/jQuery (.-target e)))))
does 😉@leontalbot: which version of IE?
I use http://www.browserstack.com and so far i've tested with IE 12, 11, and 9
Or my code in really bad, but still works with chrome, safari and ff 😉
This time, I didn't get any IDeref
error that i got with my checkboxes thing (on click events on a
element)
But the cell wouldn't update...
Thanks, @alandipert! That’s all I needed to know.
@leontalbot: which version of ie btw?
I use http://www.browserstack.com and so far i've tested with IE 12, 11, and 9
that stinks 😦
How does {:rpc/pre} work? I can't find documentation on it. :( I tried looking at the source, but I'm still a newbie, and I'm not too familiar with macros yet.
@levitanong: it's a place to define code that sohuld be run when the function is being called remotely
as opposed to in the repl
usually it's where we put authentication checks
that way calls are authenticated in the wild, but in the repl we can call directly without mocking auth
@alandipert: I see! and I'm guessing you don't want to deal with auth in the repl because of external stuff like session?
@levitanong: exactly right. you might have other logic in there like, "needs to be over https" or something that's not applicable in repl also
@alandipert: hurrah! Enlightenment. Thanks for the explanation, man!
sure np
Does Castra do any sort of obfuscating or have any security measures to make it harder for people to decompile or analyze the traffic to figure out how to access the server functions? I'm not really sure what the standard level of security for RPC is, but I just want to understand what sorts of things are "safe" to do with Castra. Thanks.
@puzzler: it's safe to do anything over castra you'd do with http (or https)
@puzzler: the client can only call functions that are explicitly added to the castra middleware
that's the same as a mvc type application where a REST request results in a function being called
@dm3 I'm thinking, for example, about a game client reporting a high score to the server. I'm not aware of any hack-proof technique, but there are ways you can obfuscate the payload that would be hard to figure out short of decompiling the source to reveal the obfuscation technique.
@dm3 The goal would be to make it hard for someone to submit to the server a falsified high score.
@dm3 Or imagine tracking a user's actions on a client and storing them in a database for later analysis. You want to prevent the user from spamming the database with false data.
@dm3 Encryption and signing would have to be done with a private key on the client side, which can be easily uncovered, wouldn't it?
@dm3 This isn't so much about verifying WHO it is coming from, it's about making sure the data originates truly from the client, and not some other program mimicking the client, and I don't know of any way to do that.
I'm thinking that user accounts vs anonymous is not the real issue (and standard security can solve that). For me, it's about making sure the data comes from the program I've put in the webpage, rather than another program. Mainly because I want to store that data in a database, and especially if I use something like Datomic that stores stuff forever, I don't want un-genuine data or denial-of-service-level-quantities of data stored in the database.
I'm not even sure if what I want is possible. But like I said, I can think of some ways that at least make it hard for people to figure out how to fake the incoming data.
I don't think you can have an authenticating signature without a public/private key scheme
this is an interesting technique: https://users.ece.cmu.edu/~adrian/projects/tesla-cryptobytes/tesla-cryptobytes.pdf
I guess since Hoplon is written/used at Adzerk, I could rephrase my question in terms of advertising (although I know little about that subject). Is there some standard technique to ensure that users don't falsify information that is tracked about ad clicks?
What is protected by signing the info server-side. Transmission between server and database? Does that solve the problem of a client sending false info?
we generate the impression data when the ad request is made, we sign it, and return it to the client
the client generates the impression pixel which hits our server again with the impression data attached to the pixel url
the process that receives the impression pixel request needs to tust that the data originated with our own adserver from an ad request
so a malicious client can't change the impression data, or we'll be able to detect it and ignore
So, should I move this to the hoplon demos? https://github.com/aatree/aademos
err, specifically, this: https://github.com/aatree/aademos/tree/master/lens