This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-02-19
Channels
Portal is awesome 🥳 @djblue thanks a lot for creating this great tool.
We currently making our domain model navigable with clojure.core.protocols.Navigable
This would also be very helpful to troubleshoot support cases on the production system. Of course only for authorized super admins 😄 However, does portal eval client inputs somewhere or can you think of anything else that yields a security risk, even behind a solid authentication and authorization layer?
Portal doesn't have arbitrary eval. The host runtime exposes a set of vars that can be invoked. However, you can easily add eval as an invokable function which would then allow for arbitrary eval 😆
A bigger issue IMO would be forgetting to (remove-tap portal.api/submit)
as that would lead to a memory leak for any tap>
'd values.