[racket] Racket documentation for web development is just awful!

From: Shriram Krishnamurthi (sk at cs.brown.edu)
Date: Sat Dec 17 13:39:43 EST 2011

Hi R. Noob,

> Do the URLs of pages that use continuation
> mechanism have to look ugly and cryptic?

Yes they do.  The URLs are ugly *because* they are cryptic.  They are
cryptic because it is a route to system security.  If they were
pretty, people could guess them, and that would adversely affect
security in a huge way.

Incidentally, this is something we stressed from the very beginning
(~late 2000).  It meant that certain kinds of Web attacks over which
people and Web sites spent a great deal of time (such as CSRF attacks)
could simply never occur for systems built atop the PLT Web server.

This idea is also incorporated into Google's Belay project:

https://sites.google.com/site/belayresearchproject/

If you look at the list of features they state, essentially every
single one of these maps onto "ugly and cryptic" URLs.

Shriram



Posted on the users mailing list.