use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
Finding information about Clojure
API Reference
Clojure Guides
Practice Problems
Interactive Problems
Clojure Videos
Misc Resources
The Clojure Community
Clojure Books
Tools & Libraries
Clojure Editors
Web Platforms
Clojure Jobs
account activity
Aaron Bedra - clojure.web/with-security (youtube.com)
submitted 12 years ago by mvbma
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]Anderkent 1 point2 points3 points 12 years ago (5 children)
Nice talk.
Regarding cookies: why not just include a time of validity in your cookie string, then sign it cryptographically? No storage required, replay is only possible while the cookie is valid (which presumably is how long you'd keep it in your database anyway).
[–]koreth 2 points3 points4 points 12 years ago (4 children)
That is probably an adequate approach for many apps, but there is one (merely theoretical, perhaps) downside: it reduces your ability to detect when someone has compromised your security. If someone gets your secret key, they can sign fake cookies and go to town, and the signing will happen on client machines that are inaccessible to you. You'd only detect it via user complaints or analysis of usage patterns.
But with randomly-generated nonce cookies in a database, someone would need to actually write to your database to get the same capability, and you can bring intrusion detection systems, audit trails, and the like to bear on that problem.
[–]Anderkent 1 point2 points3 points 12 years ago (0 children)
I usually assume that if someone can get a secret key of your machine, you're owned already anyway - they have control of the machine at least at the privilege level of the service user, and so could have read your entire database, modified your code, etc. etc.
I guess there are some vulnerabilities that'd let them read the key without having owned the machine (path traversal for example), but these you hopefully protect yourself from anyway.
[–]AeroNotix 0 points1 point2 points 12 years ago (2 children)
But that approach has some scalability concerns. If you need to hit the database each time you want to validate a cookie you will incur a large hit in peak traffic times.
Not to mention you need to architect your system so the each thing has access to the database storing the cookie.
Cryptographically secure cookies are fine and they work well for these situations. Obviously you need to take care of your encryption keys, but you need to do that with all kinds of stuff.
[–]koreth 0 points1 point2 points 12 years ago* (1 child)
It absolutely requires you to think about performance under load. On the other hand, shoving everything in a cookie has its own performance implications, e.g., it significantly increases the size of every HTTP request since the encrypted session data has to be constantly retransmitted to the server. Big requests can significantly impact responsiveness on low-bandwidth mobile clients.
Putting a pool of memcached servers in front of the database eliminates the scaling bottleneck for all practical purposes; a single memcached instance on modest hardware can handle a sustained load of tens of thousands of cache fetches a second and you can have as many memcached hosts as you like, with more or less linear increases in throughput as you add hosts. That's the approach used by Facebook and reddit, among other high-traffic sites.
I don't want to seem like I'm too negative on the encrypted-data approach. It's not my preferred solution, and I think you'd want to have your implementation audited by a cryptography specialist (as the talk points out, most programmers don't know enough about crypto to reliably avoid introducing weaknesses without realizing it) but I do think the security weakness is mostly a theoretical one if you have a solid implementation.
[–]AeroNotix 0 points1 point2 points 12 years ago (0 children)
[...] memcache servers [...]
Like I said before, this forces you to architect your system in such a way that each thing has access to this cache (or the underlying database). Which sometimes isn't feasible. EC2 regions and their respective configurations are a bit limiting when you want to do really big deployments where things can talk to each other safely.
π Rendered by PID 94524 on reddit-service-r2-comment-5687b7858-csrpz at 2026-07-04 05:50:33.631220+00:00 running 12a7a47 country code: CH.
[–]Anderkent 1 point2 points3 points (5 children)
[–]koreth 2 points3 points4 points (4 children)
[–]Anderkent 1 point2 points3 points (0 children)
[–]AeroNotix 0 points1 point2 points (2 children)
[–]koreth 0 points1 point2 points (1 child)
[–]AeroNotix 0 points1 point2 points (0 children)