[HN Gopher] Show HN: MathB.in - Mathematics pastebin written in ...
___________________________________________________________________
Show HN: MathB.in - Mathematics pastebin written in Common Lisp
Author : susam
Score : 105 points
Date : 2022-09-23 11:34 UTC (11 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| Ligma123 wrote:
| Nice to know about this, and congratulations for its 10th
| anniversary.
|
| Given that it's not that old and it's still actively used, I
| wonder why people never include it in the list of recent Common
| Lisp code bases, for new users to take a look.
|
| It's always the same recommendations.
| susam wrote:
| Thank you! Until a few years ago, this project ran on PHP. It
| was then later rewritten in Common Lisp. I published the Common
| Lisp source code for this website only about a week ago. That's
| why I thought of making this "Show HN" post today.
|
| Until now, the source code published on GitHub has usually been
| a few versions behind the live website running at
| https://mathb.in/ but I am hoping that in future, I will keep
| the source code on GitHub as recent and as updated as possible.
| rauhl wrote:
| Pretty neat! I see that you're using Hunchentoot -- are you
| concerned that it interns HTTP header names in the KEYWORD
| package? It means that a malicious client can use up all your RAM
| by submitting requests with random header names.
| nerdponx wrote:
| This is a pretty subtle security "gotcha" for any program that
| wants to be clever and intern user-provided inputs as keywords.
| Good to know!
| susam wrote:
| Thank you for your comment. This is a great point! I had not
| considered this earlier but after looking at
| https://github.com/edicl/hunchentoot/blob/master/request.lis...
| it is clear that this could potentially lead to denial of
| service.
|
| I have now updated the Nginx configuration to block arbitrary
| headers coming from the remote client and explicitly pass only
| a limited set of headers to Hunchentoot. So now I have
| something like this in the Nginx reverse proxy configuration:
|
|     proxy_pass_request_headers off;
|     proxy_set_header Accept $http_accept;
|     proxy_set_header Content-Length $http_content_length;
|     proxy_set_header Content-Type $http_content_type;
|     proxy_set_header If-Modified-Since $http_if_modified_since;
|     proxy_set_header Referer $http_referer;
|     proxy_set_header User-Agent $http_user_agent;
|     proxy_set_header X-Forwarded-For $remote_addr;
|
| I will push this configuration to the GitHub repository too
| sometime this weekend.
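The interning issue raised in this sub-thread, as an added example that is not part of any comment and is not Hunchentoot's or MathB.in's code: a simplified stand-in for the risky pattern next to a bounded lookup, measured locally on constructed header names. All function and variable names are hypothetical, and the allowlist simply mirrors the headers in the Nginx configuration quoted above.

```lisp
;;; Added example. Symbols interned in a package stay reachable from that
;;; package, so they are never garbage collected unless explicitly uninterned.

(defparameter *known-headers*
  '("ACCEPT" "CONTENT-LENGTH" "CONTENT-TYPE" "IF-MODIFIED-SINCE"
    "REFERER" "USER-AGENT" "X-FORWARDED-FOR")
  "Allowlist (assumption): the headers passed through by the proxy.")

;; Intern the allowlist once at load time so FIND-SYMBOL can resolve it later.
(dolist (name *known-headers*)
  (intern name :keyword))

(defun keyword-count ()
  "Number of symbols currently present in the KEYWORD package."
  (let ((n 0))
    (do-symbols (s :keyword n)
      (declare (ignorable s))
      (incf n))))

(defun header-key-interning (name)
  "Risky pattern: every distinct NAME creates a permanent keyword."
  (intern (string-upcase name) :keyword))

(defun header-key-bounded (name)
  "Hardened pattern: return a keyword only for allowlisted names;
otherwise return NAME as a plain, garbage-collectable string."
  (let ((upper (string-upcase name)))
    (if (member upper *known-headers* :test #'string=)
        (values (find-symbol upper :keyword))
        name)))

(defun growth (fn tag count)
  "Call FN on COUNT constructed header names; return keywords added."
  (let ((before (keyword-count)))
    (dotimes (i count)
      (funcall fn (format nil "X-Constructed-~A-~D" tag i)))
    (- (keyword-count) before)))

;; Constructed input: 1000 made-up header names per variant.
(format t "interning: +~D keywords~%"
        (growth #'header-key-interning "A" 1000))
(format t "bounded:   +~D keywords~%"
        (growth #'header-key-bounded "B" 1000))
```

The first figure grows with the number of distinct names seen, while the second stays flat however many unknown names arrive.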
| [deleted]
| topaz0 wrote:
| I will use this! I wish I had known about it sooner!
| alphanumeric0 wrote:
| I will definitely use this. I've been looking for something like
| this to quickly share my ideas with other students.
| aidenn0 wrote:
| The demo really does look nice; I'm bookmarking this right now.
___________________________________________________________________
(page generated 2022-09-23 23:01 UTC)