From nobody Tue Feb 9 22:44:30 2021 Authentication-Results: mail-b.sr.ht; dkim=pass header.d=alexwennerberg.com header.i=@alexwennerberg.com Received: from out2.migadu.com (out2.migadu.com [188.165.223.204]) by mail-b.sr.ht (Postfix) with ESMTPS id 1BA8011F003 for <~aw/flounder@lists.sr.ht>; Tue, 9 Feb 2021 22:44:30 +0000 (UTC) MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alexwennerberg.com; s=key1; t=1612910668; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to; bh=QBJxyRO0Og2yUKqWXCQg0GJ+nWCXBsEspleT3D/hepA=; b=UfYTABOc6bpPOMImrOMQ/Q/PIUZiIRu0ePylmy7qkyrvGOqB4aZDuwv0NWxGKDJGGeDFZt RWkWsKdQxj4EdQ7o4t/VtVbFi7hauWvBXopoXpI3h9ovtt8USqCFImMyUYv2+8+7UeoLm+ VPxyz08naRIgCZEtNreVxJrz2wKxnGEDfAVk3xRy5F8spSJQMT4U2gcIWhn5pgMWutez74 qKZ4axgOrd6WHG8rFAFInicpZqkQJJ66vcb2Z0FZ/ini+SwPyoPmrCKndFlxAKGPinVBKK F+1d4fMd0yWG+y/R08GCOZZLD+nJ+lN+rGfCyFWmxgP2nIsmtWnUF0rGlfemww== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: "alex wennerberg" To: "alex wennerberg" , "Maxime" , <~aw/flounder@lists.sr.ht> Subject: Re: Flounder - add a comment section Date: Tue, 09 Feb 2021 14:41:53 -0800 Message-Id: In-Reply-To: X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: alex@alexwennerberg.com An addendum -- Using this library specifically would require me adding CGI to Flounder. This would allow users to run arbitrary scripts in their capsule. This is a cool idea, and I want to see if I can come up with a way to support it, but it is an immense security challenge -- I would have to make sure that users are able to run scripts without consuming all the server resources, or accessing the Flounder server code itself. I haven't looked too much into how I could do this yet, if it is at all possible. All the best, Alex