eric-hawthorne / relish

Automatically exported from code.google.com/p/relish
BSD 3-Clause "New" or "Revised" License

Add known limitations to doc #78

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Including at least the following:

- Ambiguities around treatment of nil. (Unassigned vs Unknown vs No Value)

- Lack of concurrent DB transactions - particular effect on web listener - HTTP
requests are serialized.

- No timeout in httpPost, httpGet calls can lock up whole app given previous 
issue.

- Sometimes obscure / confusing / spurious compiler error messages. Does not 
guess well what you were trying to code. Just look around the position and find 
what is wrong yourself.

- Type checking is rudimentary - more should be done and more moved to compile 
time by type inference
     - right now it's duck typing but not sure if it will continue as such

- Lack of database schema migration tools 

- Concurrency (goroutines) is not ultra-lightweight as in Go. There is GC
accounting, thread object creation and stack allocation.

- It is possible to write malicious relish artifacts (which can access the file 
system with no permission system) so be careful to inspect source code of 
artifacts that you import and run or incorporate into your relish programs.

Original issue reported on code.google.com by relis...@gmail.com on 31 Jul 2014 at 6:25

GoogleCodeExporter commented 9 years ago

Original comment by relis...@gmail.com on 31 Jul 2014 at 6:25

GoogleCodeExporter commented 9 years ago

Original comment by relis...@gmail.com on 31 Jul 2014 at 6:29

GoogleCodeExporter commented 9 years ago
Also mention possibility of SQL injection attacks, so use ? syntax in OQL query
clauses.

Original comment by relis...@gmail.com on 31 Jul 2014 at 7:13

GoogleCodeExporter commented 9 years ago
Also mention specifically file I/O security. Nothing preventing artifact from
modifying relish source code files of other artifacts in your relish
distribution or project, or even from modifying relish itself to make it
something malicious.

A comprehensive security review has not yet been conducted.

Original comment by relis...@gmail.com on 31 Jul 2014 at 7:15

GoogleCodeExporter commented 9 years ago

Original comment by relis...@gmail.com on 16 Aug 2014 at 6:25