Untangled: A ClojureScript-Based Webapp Framework (untangled-web.github.io) 45 points by swannodette 10y ago ↗ HN
[–] casperc 10y ago ↗ The video is a bit hard to follow, but looking at the code shown at 1:14, Datomic transactions seems to be made directly from the GUI.Isn't this a major security problem given that anyone could just send arbitrary transactions using e.g. the Chrome console? [–] swannodette 10y ago ↗ That is server side code not client side code. [–] jlongster 10y ago ↗ The colocated queries on the frontend components are not datomic queries, Om Next has its own query language which is similar but the backend needs to translate it into datomic queries so you implement whatever security you need there. [–] dignati 10y ago ↗ You can add some sort of safety by only allowing transactions that use functions stored in the transactor.
[–] jlongster 10y ago ↗ The colocated queries on the frontend components are not datomic queries, Om Next has its own query language which is similar but the backend needs to translate it into datomic queries so you implement whatever security you need there.
[–] dignati 10y ago ↗ You can add some sort of safety by only allowing transactions that use functions stored in the transactor.
[–] defenestration 10y ago ↗ Please make the page readable on mobile. The 4 columns of text overlap and look entangled. [–] stephenway 10y ago ↗ Un-entangled :)
7 comments
[ 2.9 ms ] story [ 26.4 ms ] threadIsn't this a major security problem given that anyone could just send arbitrary transactions using e.g. the Chrome console?