Subject: Re: external representations of continuations and environments
From: rpw3@rigden.engr.sgi.com (Rob Warnock)
Date: 2000/08/23
Newsgroups: comp.lang.scheme
Message-ID: <8o0hb9$jo96q$1@fido.engr.sgi.com>
Chris Jones  <chris@cjones.org> wrote:
+---------------
| I'd like to find a way to make an external representation of [continuations]
| ... I'd like to have my server-side app generate a page, send it
| to the client, and then save its state.  When another request comes in
| from the same client, the app's state should get restored, and
| execution should continue where it left off.
...
| What do folks here think about all this?  Am I missing something
+---------------

You need to worry about authentication and replay attacks. Once you
hand out *anything* except authenticated/checksummed opaque handles
to a client, you risk replay attacks or even constructed-code attacks.
(Particularly in Scheme, where multiple use of a continuation is *not*
automatically an error!)


-Rob

-----
Rob Warnock, 41L-955		rpw3@sgi.com
Applied Networking		http://reality.sgi.com/rpw3/
Silicon Graphics, Inc.		Phone: 650-933-1673
1600 Amphitheatre Pkwy.		PP-ASEL-IA
Mountain View, CA  94043
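
Added example, not part of the original post: one way to hand out the kind of authenticated opaque handle the reply calls for, with one-shot resumption enforced on the server since the language will not reject a second use of a continuation. The names `ContinuationStore`, `save`, `resume` and `session` are assumptions made for illustration, and a plain Python value stands in for the saved continuation, which never leaves the server.

```python
import hashlib
import hmac
import secrets


class ContinuationStore:
    """Server-side table of saved states; clients only ever hold opaque handles."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # MAC key, never sent to clients
        self._saved = {}                            # handle id -> saved state

    def _tag(self, session, hid):
        # Bind the handle to the session it was issued to.
        msg = session.encode() + b"\x00" + hid.encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def save(self, session, state):
        """Keep state on the server and return 'id.tag' for the client."""
        hid = secrets.token_hex(16)  # random id: reveals nothing about the state
        self._saved[hid] = state
        return hid + "." + self._tag(session, hid)

    def resume(self, session, handle):
        """Return the saved state once; reject forged, foreign or replayed handles."""
        hid, sep, tag = handle.partition(".")
        expected = self._tag(session, hid)
        if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
            raise PermissionError("handle failed authentication")
        try:
            return self._saved.pop(hid)  # one-shot: a second use finds nothing
        except KeyError:
            raise PermissionError("handle already used or expired") from None


def demo():
    """Constructed scenario: valid use, replay, wrong session, forged tag."""
    store = ContinuationStore()
    h = store.save("alice", {"step": 2, "cart": ["book"]})
    results = [store.resume("alice", h)]
    forged = "00" * 16 + "." + "0" * 64
    for session, handle in [("alice", h), ("mallory", h), ("alice", forged)]:
        try:
            store.resume(session, handle)
            results.append("accepted")
        except PermissionError as err:
            results.append(str(err))
    return results


if __name__ == "__main__":
    print(demo())
```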