[Cubicweb] annotating divs with rql and vid
nicolas.chauvat at logilab.fr
Fri May 25 10:15:45 CEST 2012
On Thu, May 24, 2012 at 09:39:24PM +0200, Sylvain Thénault wrote:
> > 2/ IMHO the direction the web is going is "write client-based apps in
> > the browser with js and query data backend with sparql". We have RQL
> > and js already, let's not move back to the standard API-based design
> > where everything must have a URL known by the developer.
> This is also a core point that will further drive the discussion. Do we
> want to be able to run sites with rql input disabled? IMO we've already
> built a bunch of sites where the answer is definitely yes. And I think
> we'll have to build some others. Toying with CW has a price...
What would you say were the reasons to disable rql input?
> * what can't we have by disabling rql input, besides allowing users to type
> arbitrary rql?
And the answer is ?
> * if we decide rql input is the future, then we should not delay anymore
> working on related security concerns.
What are the security issues you think about? The security of several
sites in production was tested by third parties that did not find
logilab.fr - scientific computing and knowledge management services