måndag 6 oktober 2014

Clojure web security

This post about Clojure web security is a must read. Not only does it summarize many things that can go bad, but also shows just how severe it can be to read data with read-string - it looks like it can execute almost any code and construct any availiable java class! Scarier than I knew. Thanks.

Inga kommentarer:

Skicka en kommentar