On 01/07/2014 03:03 PM, Sergey wrote:
Well, for some reason I didn't take into account that 'show' instance
is defined for the url type. I agree, this approach should work for
now. But this way we handle basic cases only. For example, if I add
one trivial requirement to my login forms task - "views should print
errors in case of invalid login attempt" - then `form' function will
need (string -> url) function argument rather than constant url and,
thus, specializations. I can't see stable solution, that is why I'm so
nervous about this problem.
Your extra requirement turns out to be easy to support using cookies,
but I'm sure we could continue the escalation and find others that are
harder. :)
For now, I don't see an "obvious good idea" change to make in Ur/Web, so
I'll wait until someone's actually current application forces a
different tack.
By the way, you mentioned other frameworks which assigns urls to
continuations. I suppose it makes it possible to attack such servers
by forcing it into creating more and more continuations. But it is
interesting to read how the authors reason about the security. Could
you point me to some reading about this?
The continuation-based framework I've heard about the most is for Racket:
http://docs.racket-lang.org/web-server/
_______________________________________________
Ur mailing list
[email protected]
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
