Hacker News new | past | comments | ask | show | jobs | submit login

The video is a bit hard to follow, but looking at the code shown at 1:14, Datomic transactions seems to be made directly from the GUI.

Isn't this a major security problem given that anyone could just send arbitrary transactions using e.g. the Chrome console?




That is server side code not client side code.


The colocated queries on the frontend components are not datomic queries, Om Next has its own query language which is similar but the backend needs to translate it into datomic queries so you implement whatever security you need there.


You can add some sort of safety by only allowing transactions that use functions stored in the transactor.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: