Subject: Re: external representations of continuations and environments
From: (Rob Warnock)
Date: 2000/08/23
Newsgroups: comp.lang.scheme
Message-ID: <8o0hb9$jo96q$>
Chris Jones  <> wrote:
| I'd like to find a way to make an external representation of [continuations]
| ... I'd like to have my server-side app generate a page, send it
| to the client, and then save its state.  When another request comes in
| from the same client, the app's state should get restored, and
| execution should continue where it left off.
| What do folks here think about all this?  Am I missing something

You need to worry about authetication and replay attacks. Once you
hand out *anything* except authenticated/checksummed opaque handles
to a client, you risk replay attacks or even constructed-code attacks.
(Particularly in Scheme, where multiple use of a continuation is *not*
automatically an error!)


Rob Warnock, 41L-955
Applied Networking
Silicon Graphics, Inc.		Phone: 650-933-1673
1600 Amphitheatre Pkwy.		PP-ASEL-IA
Mountain View, CA  94043