[Cubicweb] annotating divs with rql and vid

Nicolas Chauvat nicolas.chauvat at logilab.fr
Fri May 25 10:15:45 CEST 2012


On Thu, May 24, 2012 at 09:39:24PM +0200, Sylvain Thénault wrote:
> > 2/ IMHO the direction the web is going is "write client-based apps in
> > the browser with js and query data backend with sparql". We have RQL
> > and js already, let's not move back to the standard API-based design
> > where everything must have a URL known by the developer.
>
> This is also a core point that will further drive the discussion. Do we
> want to be able to run sites with rql input disabled? IMO we've already
> built a bunch of sites where the answer is definitely yes. And I think
> we'll have to build some others. Toying with CW has a price...

What would you say were the reasons to disable rql input?

> * what can't we have by disabling rql input, beside allowing user to type
>   arbitrary rql?

And the answer is?

> * if we decide rql input is the future, then we should not delay anymore
>   working on related security concerns.

What are the security issues you think about? The security of several
sites in production was tested by third parties that did not find
breaches.

-- 
Nicolas Chauvat

logilab.fr - scientific computing and knowledge management services


