[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fixing "stringly typed" data structures in Artanis (Was: Learning Gu
|
From: |
tomas |
|
Subject: |
Re: Fixing "stringly typed" data structures in Artanis (Was: Learning Guile web. Stuck on returning an image.) |
|
Date: |
Fri, 11 Dec 2015 08:53:19 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Dec 10, 2015 at 05:02:52PM -0500, Thompson, David wrote:
> [ Changing the subject for this little rant below ]
>
> On Thu, Dec 10, 2015 at 2:44 PM, Martyn Smith
> <address@hidden> wrote:
>
> [snip]
>
> > (get "/image"
> > (lambda (rc)
> > (let* ((port (open-file "s.jpg" "r"))
> > (bytes (get-bytevector-all port)))
> > (close-port port)
> > (response-emit bytes #:headers '((content-type image/jpg))))))
> >
> > (run #:port 1234)
> >
> >
> > For my personal website, I pass in an id (ie "/image/{id}") which returns a
> > record from the database, containing the location of the file in question...
> > plus other things (tags, uploader, etc) -- once working I stick it inside
> > an image tag - job done!
>
> I guess this is as good a time as any to voice a concern that I have
> with Artanis before too many people depend on it and its not feasible
> to change it. In Scheme, we have the luxury of being able to easily
> create embedded domain specific languages or otherwise take advantage
> of s-expressions to avoid the tiring work of writing parsers and
> interpreters for new languages. [...]
I'd like to throw in a word of caution. There are those two worlds
"everything is a string" (excuse me the Tcl pun) and "everything is
a structure". They both have their strengths, and over-committing to
one can immobilize too early.
In Guix this may make more sense, since we're talking about a more or
less controlled environment. But in the WWW, the only currency of exchange
is an URL which is... a string! (it can be interpreted as a serialization
of an intrinsic data structure, but what the RFCs talk about is a
string).
For a current discusion of this kind of topic, see [1]
And yes, David: your concerns about (not only SQL) injection are
definitely valid; I guess this is a force field we'll be living in,
at least in this trade. Too much in one corner and it becomes
too dangerous, too much in the other and it becomes boring. Gödel
or something.
[1] <http://lambda-the-ultimate.org/node/5289>
regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlZqgO8ACgkQBcgs9XrR2kZTaQCeM42GhOsKjNJa8xVBGv2D3caS
Y88An0UVbd/zL7HaY3UDhmutbh7byILm
=xwJZ
-----END PGP SIGNATURE-----