Changeset 15648 in project


Ignore:
Timestamp:
08/30/09 12:10:23 (10 years ago)
Author:
certainty
Message:

Changes applied for certainty (82.83.157.152) through svnwiki:

File:
1 edited

Legend:

Unmodified
Added
Removed

  • wiki/eggref/4/uri-dispatch

    r15515 r15648  
    2020The dispatch-algorithm is implemented as follows:
    2121
    22 ('''Note''' Although not explicitly stated here the algorithm performs a whitelist-check on any procedure before it is invoked. See '''enable-whitelisting''' and '''whitelist!''')
     22('''Note''' See also the whitelisting-section, to learn how to limit the exposure of procdures)
    2323
    2424* The path is empty. It checks if '''default-dispatch-target''' is bound to a procedure.
    25    If it is, then it is invoked. If it is not, then '''dispatch-error''' is invoked.
     25  If it is, then it is invoked. If it is not, then '''dispatch-error''' is invoked.
    2626
    2727* The path has exactly one element. It assumes that this element is the name
    28    of a thunk that was defined outside a module. If such a thunk exists it is invoked.
    29    If no such a thunk exists '''dispatch-error'''.is invoked.
     28  of a thunk that was defined outside a module. If such a thunk exists it is invoked.
     29  If no such a thunk exists '''dispatch-error'''.is invoked.
    3030
    3131* The path contains at least two elements.
     
    3636  outside any module. If such a procedure exists, it is invoked passing the rest of the elements as arguments.
    3737  If no such procedure exists '''dispatch-error''' is invoked with the full path as arguments. The path is applied
    38   to the procedure so you can use for example dsssl-style lambdalists to declare optional arguments or a rest-argument.
     38  to the procedure so you can use for example dsssl-style lambda-lists to declare optional arguments or a rest-argument.
     39
     40All those lookups are done in the current '''dispatch-environment''', which can be parameterized.
    3941
    4042
    41 <procedure>(whitelist! DEFINITION)</procedure>
    42 Though nice for development it is not advisable to allow anybody out there to invoke abritary procedures of your application.
    43 So you might want to '''enable-whitelisting''' in production and whitelist only those modules and/or procedures you really want
    44 to be callable from the outside. Whis procedure expects a list that defines the procedure/modules
    45 you want to whitelist. If a procedure is requested that does exist but is not whitelisted '''dispatch-error''' is invoked.
    46 You have basically two possibilities to perform whitelisting, all of which can be combined.
     43==== Whitelisting
    4744
    48 1) whitelist procedures outside modules
    49 <pre>(whitelist! '(procedure1 procedure2 procedure3))</pre>
     45Though nice for development it is not advisable to allow everybody out there to invoke abritary procedures of your application.
     46So you might want to whitelist only those procedures that really acts as the interface of your application.
    5047
    51 2) whitelist all procedures inside a module
    52 <pre>(whitelist! '((module my-module my-module2))</pre>
     48To enable whitelisting you simply parameterize the '''whitelist''' parameter with your whitelisting-specification.
     49If a procedure is requested that does exist but is not whitelisted '''dispatch-error''' is invoked.
    5350
    5451
    55 '''In the near future you will have the following possibilities as well:'''
     52'''Whitelisting specification'''
    5653
    57 whitelist specific procedures inside a module
    58 <pre>(whitelist! '((module-name procedure1 procedure2)))</pre>
     54The whitelist allows to selectivly whitelist procedures modules and procedures inside modules.
     55The examples explain all three cases
    5956
    60 It is also planned to implement some keywords that allow easier use of this procedure.
     57 (whitelist '(proc1 proc2 proc3))
    6158
     59This will whitelist the procedures proc1..proc3. Those procedures must be defined outside a module.
     60
     61 (whitelist '((mod1 . (proc1 proc2))
     62
     63This will whitelist the procedures proc1 and proc2 that must reside inside the module mod1.
     64
     65 (whitelist '((mod1 . *))
     66
     67This will whitelist all procedures inside the module mod1.
     68
     69Of course you can mix those declarations.
     70
     71
     72<parameter>whitelist</parameter>
     73
     74The parameter holding the whitelist. It defaults to #f which means whitelisting is disabled.
    6275
    6376
     
    6679If no handler for a uri can be found, the dispatcher will invoke the procedure that dispatch-error is currently parameterized with.
    6780'''NOTE''' dispatch-error is also invoked if the requested handler exists but is not whitelisted.
     81Defaults to (constantly #f).
    6882
    6983<parameter>enable-whitelisting</parameter>
    7084
    7185If set to #t then whitelist-checks are enabled. Defaults to #f.
     86
    7287<parameter>default-dispatch-target</parameter>
    7388
     
    7691
    7792<parameter>dispatch-environment</parameter>
    78 
    7993The environment that is used to lookup the procedures. It defaults to '''interaction-environment'''.
    8094
Note: See TracChangeset for help on using the changeset viewer.