Changeset 15648 in project
- Timestamp:
- 08/30/09 12:10:23 (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
wiki/eggref/4/uri-dispatch
r15515 r15648 20 20 The dispatch-algorithm is implemented as follows: 21 21 22 ('''Note''' Although not explicitly stated here the algorithm performs a whitelist-check on any procedure before it is invoked. See '''enable-whitelisting''' and '''whitelist!''')22 ('''Note''' See also the whitelisting-section, to learn how to limit the exposure of procdures) 23 23 24 24 * The path is empty. It checks if '''default-dispatch-target''' is bound to a procedure. 25 25 If it is, then it is invoked. If it is not, then '''dispatch-error''' is invoked. 26 26 27 27 * The path has exactly one element. It assumes that this element is the name 28 29 28 of a thunk that was defined outside a module. If such a thunk exists it is invoked. 29 If no such a thunk exists '''dispatch-error'''.is invoked. 30 30 31 31 * The path contains at least two elements. … … 36 36 outside any module. If such a procedure exists, it is invoked passing the rest of the elements as arguments. 37 37 If no such procedure exists '''dispatch-error''' is invoked with the full path as arguments. The path is applied 38 to the procedure so you can use for example dsssl-style lambdalists to declare optional arguments or a rest-argument. 38 to the procedure so you can use for example dsssl-style lambda-lists to declare optional arguments or a rest-argument. 39 40 All those lookups are done in the current '''dispatch-environment''', which can be parameterized. 39 41 40 42 41 <procedure>(whitelist! DEFINITION)</procedure> 42 Though nice for development it is not advisable to allow anybody out there to invoke abritary procedures of your application. 43 So you might want to '''enable-whitelisting''' in production and whitelist only those modules and/or procedures you really want 44 to be callable from the outside. Whis procedure expects a list that defines the procedure/modules 45 you want to whitelist. If a procedure is requested that does exist but is not whitelisted '''dispatch-error''' is invoked. 46 You have basically two possibilities to perform whitelisting, all of which can be combined. 43 ==== Whitelisting 47 44 48 1) whitelist procedures outside modules 49 <pre>(whitelist! '(procedure1 procedure2 procedure3))</pre> 45 Though nice for development it is not advisable to allow everybody out there to invoke abritary procedures of your application. 46 So you might want to whitelist only those procedures that really acts as the interface of your application. 50 47 51 2) whitelist all procedures inside a module 52 <pre>(whitelist! '((module my-module my-module2))</pre> 48 To enable whitelisting you simply parameterize the '''whitelist''' parameter with your whitelisting-specification. 49 If a procedure is requested that does exist but is not whitelisted '''dispatch-error''' is invoked. 53 50 54 51 55 ''' In the near future you will have the following possibilities as well:'''52 '''Whitelisting specification''' 56 53 57 whitelist specific procedures inside a module 58 <pre>(whitelist! '((module-name procedure1 procedure2)))</pre> 54 The whitelist allows to selectivly whitelist procedures modules and procedures inside modules. 55 The examples explain all three cases 59 56 60 It is also planned to implement some keywords that allow easier use of this procedure.57 (whitelist '(proc1 proc2 proc3)) 61 58 59 This will whitelist the procedures proc1..proc3. Those procedures must be defined outside a module. 60 61 (whitelist '((mod1 . (proc1 proc2)) 62 63 This will whitelist the procedures proc1 and proc2 that must reside inside the module mod1. 64 65 (whitelist '((mod1 . *)) 66 67 This will whitelist all procedures inside the module mod1. 68 69 Of course you can mix those declarations. 70 71 72 <parameter>whitelist</parameter> 73 74 The parameter holding the whitelist. It defaults to #f which means whitelisting is disabled. 62 75 63 76 … … 66 79 If no handler for a uri can be found, the dispatcher will invoke the procedure that dispatch-error is currently parameterized with. 67 80 '''NOTE''' dispatch-error is also invoked if the requested handler exists but is not whitelisted. 81 Defaults to (constantly #f). 68 82 69 83 <parameter>enable-whitelisting</parameter> 70 84 71 85 If set to #t then whitelist-checks are enabled. Defaults to #f. 86 72 87 <parameter>default-dispatch-target</parameter> 73 88 … … 76 91 77 92 <parameter>dispatch-environment</parameter> 78 79 93 The environment that is used to lookup the procedures. It defaults to '''interaction-environment'''. 80 94
Note: See TracChangeset
for help on using the changeset viewer.