unofficial mirror of guix-devel@gnu.org 
From: Danny Milosavljevic <dannym@scratchpost.org>
To: Tatiana Sholokhova <tanja201396@gmail.com>
Cc: guix-devel <guix-devel@gnu.org>
Subject: Re: GSoC: Adding a web interface similar to the Hydra web interface
Date: Wed, 13 Jun 2018 10:27:12 +0200
Message-ID: <20180613102712.2c46d7d5@scratchpost.org>
In-Reply-To: <CAMSS15BdX=perUP7UO2MuHVGd145X4ztVotgNvRQmS9x9bnrEg@mail.gmail.com>


Hi Tatiana,

On Wed, 13 Jun 2018 01:43:31 +0300
Tatiana Sholokhova <tanja201396@gmail.com> wrote:

> I've just fixed code style issues and replaced the HTML5 preamble with XHTML.

Yeah, looks much more regular now.

> I adopted the static file serving procedure from code shared by Ricardo.
> 
> https://github.com/BIMSBbioinfo/rcas-web/blob/22a114a0f281845117ed0ab105267f132fc525e4/rcas/web/render.scm#L68

I understand.

It's common to do stuff like that - but it's just an unnecessary risk.

Especially since we have cuirass build (and presumably sign) everything for us,
it would be very very bad for an attacker to be able to read out the private key
used to sign everything.

Blacklists are a whack-a-mole approach (maintaining it will never end) - and in
this case nothing in POSIX states that these characters are the only
problematic ones (and I know of quite a few filesystems where there are a lot
more problematic strings).

Much better to have a whitelist.

> I am considering the following possible implementation of a whitelist. We
> can create an association list with allowed file names and their mime types (to
> replace the file-mime-type list). What do you think about it?

Yes, that would be a simple way - and easily maintainable, too.  Let's do it
like that.

> Now we have only one parameter of the request
> which is related to pagination. It is the page number. Should we add more
> parameters to the request in order to request evaluations with specific
> timestamps and IDs? Or is there some other way of doing that?

I don't think we would need the parameter for the page number anymore.

I think we should add a parameter like "boundary" or something
(or multiple ones - I defer to your judgement).

It would also be possible to use "boundary=a&boundary=b" (note: same name).
Not sure whether that would be obtuse or not.

From a technical standpoint it doesn't matter - you just have to get a
tuple of data cells (of the last row) into the query string somehow.
Also, it has to be able to be entirely optional (in order to get the first page).

The tuple of data cells should uniquely identify one row in the result.  (If it
didn't, you'd skip the other same-value rows when going to the next page)

(There would be an alternative possible to be able to dispense with this
requirement, but I think it would be too obtuse to maintain)

For the evaluations, the relevant data cells would be (starttime, id,
revision) or so.

I suggest adding starttime to the "Evaluations" database table to
improve usability.

(If we wanted to eventually provide a way for the user to sort columns,
we'd have to also adapt what columns this cell list contains - although
it doesn't make sense to stay on page 243 when you change the sort order :) )

What do you think?

> I have
> checked the Hydra pagination request structure. It uses the same form of
> the request path for pagination buttons that we have now:
> "?page=<page-id>".

Yeah, the practice is widespread.  Let's do better than that if we can.
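
The whitelist agreed on in the message above, sketched as an added example that is not part of the thread or of Cuirass (Python rather than Guile so it can be run as is; the file names, the `STATIC_FILES` table and all function names are assumptions). A request is served only on an exact match against the table, and a startup check confirms that every listed entry really lives under the static root.

```python
import tempfile
from pathlib import Path

# Hypothetical allowlist: exact request name -> MIME type. Nothing else is served.
STATIC_FILES = {
    "css/cuirass.css": "text/css",
    "images/logo.png": "image/png",
}

def check_allowlist(root, table=STATIC_FILES):
    """Startup check: each entry is a regular file that really lives under root."""
    root = Path(root).resolve()
    for name in table:
        target = (root / name).resolve()   # follows symlinks
        if root not in target.parents or not target.is_file():
            raise ValueError(f"allowlist entry leaves root or is missing: {name}")

def serve_static(root, request_name, table=STATIC_FILES):
    """Return (status, headers, body); the path is built only after an exact match."""
    mime = table.get(request_name)         # no decoding, no normalisation
    if mime is None:
        return 404, {}, b""
    return 200, {"Content-Type": mime}, (Path(root) / request_name).read_bytes()

def demo():
    """Constructed tree: two public files next to a file that must never be served."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "static"
        (root / "css").mkdir(parents=True)
        (root / "images").mkdir()
        (root / "css" / "cuirass.css").write_text("body { margin: 0 }")
        (root / "images" / "logo.png").write_bytes(b"\x89PNG")
        (Path(tmp) / "signing-key.sec").write_text("constructed placeholder")
        check_allowlist(root)
        requests = ["css/cuirass.css", "../signing-key.sec",
                    "css/../../signing-key.sec", "css/unlisted.css"]
        return {name: serve_static(root, name)[0] for name in requests}
```
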
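
The boundary-based pagination described in the message above, as an added example that is not part of the thread or of Cuirass (Python with an in-memory SQLite database; the schema, the sample rows and the choice of `(starttime, id)` as the boundary tuple are assumptions). It uses the repeated `boundary` parameter, binds the values as query parameters, and `unique=False` shows the rows that get skipped when the boundary does not identify a single row.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

PAGE_SIZE = 2
COLUMNS = "SELECT starttime, id, revision FROM Evaluations"
ORDER = " ORDER BY starttime DESC, id DESC LIMIT ?"

def make_db():
    """Constructed sample rows; ids 1-3 share one starttime (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Evaluations (id INTEGER PRIMARY KEY,"
               " starttime INTEGER NOT NULL, revision TEXT)")
    db.executemany("INSERT INTO Evaluations VALUES (?, ?, ?)",
                   [(1, 100, "aaa"), (2, 100, "bbb"), (3, 100, "ccc"),
                    (4, 200, "ddd"), (5, 300, "eee")])
    return db

def parse_boundary(query_string):
    """'boundary=<starttime>&boundary=<id>' -> (starttime, id); absent -> None."""
    values = parse_qs(query_string).get("boundary", [])
    if not values:
        return None                      # optional: no boundary means first page
    if len(values) != 2:
        raise ValueError("boundary must be given exactly twice")
    return int(values[0]), int(values[1])  # int() rejects non-numeric input

def fetch_page(db, query_string="", unique=True):
    """Return (rows, query string of the next page or None)."""
    boundary = parse_boundary(query_string)
    if boundary is None:
        where, args = "", ()
    elif unique:                         # strictly after the (starttime, id) tuple
        where = " WHERE starttime < ? OR (starttime = ? AND id < ?)"
        args = (boundary[0], boundary[0], boundary[1])
    else:                                # starttime alone: not unique per row
        where, args = " WHERE starttime < ?", (boundary[0],)
    rows = db.execute(COLUMNS + where + ORDER, args + (PAGE_SIZE,)).fetchall()
    if len(rows) < PAGE_SIZE:
        return rows, None
    last = rows[-1]
    return rows, urlencode([("boundary", last[0]), ("boundary", last[1])])

def walk(db, unique=True):
    """Follow the next-page links from the first page; return ids in order seen."""
    ids, qs = [], ""
    while qs is not None:
        rows, qs = fetch_page(db, qs, unique)
        ids += [row[1] for row in rows]
    return ids
```
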
