Fork me on GitHub
#ring
<
2020-05-24
>
emmanueloga06:05:50

I wonder if ring apps are generally vulnerable to keyword attacks... looking at https://github.com/mmcgrana/ring/blob/master/ring-core/src/ring/middleware/keyword_params.clj#L15 it looks like an attacker could request random url parameters repeatedly until filling the java process memory with interned keywords. I remember a similar attack on ruby/rails and symbols

mpenet08:05:47

I think they're interned into a weakmap, so they'd be gc

mpenet08:05:26

So it would just cause some gc churn, not a memory leak

mpenet08:05:16

If i recall correctly what you mention was an issue early on, like clj 1.1 or stg

kwladyka18:05:55

How to create prefix for URIs? I mean which can be whatever.

:server-port
  :server-name
  :schema
I was thinking about values above, but I am not sure how ring determine :server-name. Let’s say it will be in docker in k8s cluster. What will be this value then? How are you doing this? I have to return URLs to files on the server and I wanted keep it simple and not create additional configuration for host domain.

kwladyka18:05:10

Can I use server-name for this purpose without issues?

kwladyka18:05:27

What is the best practice?

franklineapiyo19:05:08

I'm looking for documentation/example on uploading files to a server using reitit and ring... please point me to the direction of such a resource if you know of any, thanks

franklineapiyo19:05:59

I have spent hours trying to figure out how to do this.... you could even point me to what documentation I should read 😢

ikitommi19:05:04

all reitit swagger-examples have upload implemented

franklineapiyo06:05:57

thanks for replying, I have seen these examples, however there are issues I still face that I can't figure out https://github.com/FrankApiyo/PainAndSuffering

franklineapiyo06:05:26

I'm still stuck whith this