Fork me on GitHub
#ring
<
2017-03-12
>
Ethan Miller08:03:21

I am trying to get a ring server running but am getting this error that I can’t decode: > Exception in thread "main" java.lang.NoClassDefFoundError: org/eclipse/jetty/http/HttpParser$ProxyHandler, compiling:(ring/adapter/jetty.clj:27:11)

Ethan Miller08:03:51

Looking at the stack, it seems to occur before any of my application’s code actually runs… Not sure what I’m doing wrong.

scknkkrer09:03:16

guys, I am developing a project with ring. And I have a silly question; Is ring safe ? Is there any protection to should I take ?

Ethan Miller09:03:08

@scknkkrer what do you mean by safe?

Ethan Miller09:03:29

I think the answer might be that it’s as safe as the protections that you configure.

scknkkrer09:03:34

for security.

Ethan Miller09:03:22

You can build as server with little or no security or with a lot using ring.

Ethan Miller09:03:09

Take a look at ring-defaults which includes some pre-batched protections for different kinds of services, e.g. “secure-site-defaults”: https://github.com/ring-clojure/ring-defaults

Ethan Miller09:03:17

I’m certainly not a ring expert, but it’s my understanding that the idea behind these “defaults” is to make it easy to follow best practices when it comes to setting up sensible features, including security protections, for different kind of services.

Ethan Miller09:03:46

So you can’t go wrong, I don’t think, by starting there, even if your service could ultimately require more specialized configuration.

Ethan Miller09:03:04

If you don’t use these tools, and just build the bare-minimum server, I think it’s fair to say that your server will not be secure.

scknkkrer13:03:59

Thanks a lot.