[Haskell-cafe] What is the maturity of Haskell Web Frameworks
Brandon S. Allbery KF8NH
allbery at ece.cmu.edu
Thu Jun 5 00:14:25 EDT 2008
On 2008 Jun 4, at 22:30, Paul L wrote:
> The server is then very much like a VM or an interpreter of an
> embedded language, with execution stacks entirely encoded and stored
> in each HTML page sent to the user and back from the user as an
> encoded URL or form data. So the server is entirely stateless.
Mmm, if any of that HTML-stored state is sensitive server information,
this becomes a problem. (E.g. can I trick your application into
thinking I'm an admin and then go starting/stopping processes,
changing passwords. etc.?) You need to use extra care if anything
sensitive is put where the client can munge it.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
More information about the Haskell-Cafe
mailing list