[Ur] Can an Ur/Web server be made to create directories / write to files on the host Linux filesystem?
Timothy Beyer
beyert at fastmail.net
Mon May 18 04:21:10 EDT 2015
At Mon, 18 May 2015 00:38:17 -0300,
Stefan Scott Alexander wrote:
> I would like to make my Ur server interact in a few basic ways with the Linux filesystem:
>
> - writing files
> - creating directories
>
> In order to ensure security, these kinds of filesystem operations performed by Ur/Web would
> of course be tightly restricted to a very small predetermined set of functions, arguments,
> and filesystem locations, and would only be able to be directly invoked from the server-side
> (never from the client-side).
>
> Since Ur is specialized to be a webserver, I don't think there are any existing commands in
> Ur itself which would allow the server to perform these interactions with the filesystem,
> correct?
If it is OK that the transaction might be restarted or interrupted, then using
the C FFI on the server side for filesystem operations makes sense.
> So I assume this would only doable via the C FFI (foreign function interface) using C
> functions such as:
>
> - fputs in stdio.h
> - mkdir in sys/stat.h
Correct. File management on the client side shouldn't be possible in normal
circumstances, short of a browser plugin or specialized software installed on
the client machine.
As far as effectful operations on the server side are concerned, keep in mind
that Ur/Web requires transactional semantics, so anything that performs effects
that cannot be reproduced later must be approached with extreme caution (as far
as I'm concerned, this risk applies to any web application framework, although
maybe not all web developers will agree).
In my case, I want to write non-transactional long-running effects on the
backend, so I'm implementing a JSON RPC client to send requests to a long
running haskell process that has a JSON RPC server, which in turn performs the
unsafe operations. This will be invaluable for file management related
functionality (or anything truly stateful).
If you're interested in that library, it isn't online yet, but soon it will be
available (just got the proof of concept fully working).
Whether or not this is a good idea is up for debate, but I'm going to
experiment with this approach for the time being..
Regards,
Tim
More information about the Ur
mailing list