by rarestblog 5665 days ago
Interesting, but I kind of have a problem with the URLs this language produces.

http://groups.inf.ed.ac.uk/links/examples/citations.links?_k...

Namely:
0. Not readable by any measure and too long
1. What's encoded there?
2. Do URLs expire?
3. Does each link require some amount of memory to save the state?
4. Is it possible to construct malicious URLs that call an arbitrary function with an arbitrary argument?


It seems like they are embedding some state in these URLs. But I am by no means an expert in this language, so I am only guessing here.
I haven't checked in some time, but they used to embed the complete continuation (if you don't know what a continuation is, you can just consider it to be the stack) in the URL. It's a very nice and very natural mechanism, which gives them lots of flexibility in terms of semantics and garbage collection, although I suspect it's very bad in terms of both performance and security.
So basically it's some kind of entry point with arguments? Wouldn't that be a huge security hole? I mean it's just a buffer overflow, without even a need to overflow, in plain sight...
I'm not exactly sure how they do it in Links these days. If they still take the naive approach to continuations, yes, that's a huge security hole. However, there are moderately simple ways to make this security hole magically disappear. You keep most of the agility and none of this vulnerability.
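
One common way to make client-held state tamper-evident, shown as an added example that is not from this thread and not how Links does it: the server serializes the state as plain data, attaches an expiry, and authenticates it with an HMAC before putting it in the URL. The key, the entry-point names and the token layout are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"        # assumption: secret that never leaves the server
ALLOWED = {"show_page", "add_citation"}     # hypothetical resumable entry points

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def seal(entry, args, ttl=900, now=None):
    """Serialize the state as data (JSON, not code), add an expiry, append a MAC."""
    now = time.time() if now is None else now
    body = json.dumps({"f": entry, "a": args, "exp": int(now) + ttl},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def unseal(token, now=None):
    """Return (entry, args) for a valid token; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        body64, tag64 = token.split(".")
        body, tag = b64d(body64), b64d(tag64)
    except ValueError as exc:               # wrong part count or bad base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    # Verify the MAC before parsing or acting on anything the client sent.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    state = json.loads(body)
    if state["exp"] < now:                  # signed URLs stop working after ttl
        raise ValueError("expired")
    if state["f"] not in ALLOWED:           # name is looked up, never evaluated
        raise ValueError("entry point not allowed")
    return state["f"], state["a"]

if __name__ == "__main__":
    token = seal("show_page", {"id": 7})
    print("?_k=" + token)
    print(unseal(token))
```

The MAC gives integrity only: the state is still readable by the client, so anything confidential would additionally need encryption or to stay on the server.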