On 2008 Jun 4, at 22:30, Paul L wrote:

The server is then very much like a VM or an interpreter of an
embedded language, with execution stacks entirely encoded and stored
in each HTML page sent to the user and back from the user as an
encoded URL or form data. So the server is entirely stateless.


Mmm, if any of that HTML-stored state is sensitive server information, this becomes a problem. (E.g. can I trick your application into thinking I'm an admin and then go starting/stopping processes, changing passwords. etc.?) You need to use extra care if anything sensitive is put where the client can munge it.

--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] [EMAIL PROTECTED]
system administrator [openafs,heimdal,too many hats] [EMAIL PROTECTED]
electrical and computer engineering, carnegie mellon university    KF8NH


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe

Reply via email to