Learn the high-value secure coding habits for Clojure systems, including explicit boundaries, least privilege, safe defaults, dependency hygiene, and failure handling that does not leak secrets.
Secure coding: Writing software so that unsafe states require explicit, reviewed choices instead of being the default outcome of ordinary development.
Clojure gives you a few advantages here: immutable data, explicit data transformations, and a culture of small composable functions. But secure systems still fail when boundaries are vague, dependencies drift, or error paths reveal more than the success path ever should.
The useful mindset is not “Clojure is safer by nature.” It is “Clojure makes it easier to keep data flow explicit, so use that clarity to enforce trust boundaries.”
Most security bugs happen where untrusted data crosses into a trusted part of the system:
Each boundary should answer four questions:
If those answers are implicit, the code will eventually drift into insecure behavior.
Secure systems default to the safer branch:
1(def default-security-config
2 {:enable-admin-routes? false
3 :allow-self-signed-tls? false
4 :max-upload-bytes (* 5 1024 1024)
5 :public-debug-endpoint? false})
6
7(defn effective-security-config [overrides]
8 (merge default-security-config overrides))
The point is not the map itself. The point is that a safe system state should not depend on every caller remembering to set the right switch.
This order matters. A small request pipeline should make the checks readable:
1(defn create-invoice [request]
2 (let [identity (:identity request)
3 command (parse-and-validate-command! (:body-params request))]
4 (if (can-create-invoice? identity command)
5 (persist-invoice! command)
6 {:status 403
7 :body {:error :forbidden}})))
That is much safer than parsing loosely, performing side effects early, and hoping a later middleware step rejects the request.
Least privilege is not only an IAM concept. It should shape:
Clojure namespaces are not a security boundary by themselves, but they can still help keep risky capabilities concentrated in one reviewable place instead of scattered across the codebase.
A secure application can still be compromised by:
That means secure coding includes build and runtime discipline:
Logs should contain:
Logs should avoid:
Security and observability improve together only when logging is deliberate instead of indiscriminate.
“The UI already validates that” and “the gateway already authenticated it” are common preconditions for security bugs.
Backdoor admin routes, trust-all TLS flags, and hidden debug endpoints have a habit of surviving far beyond their original intent.
Middleware is useful, but many security decisions still belong in domain-specific code and data boundaries.
An application that hides sensitive data on success but prints it in exceptions is not actually protecting it.
Make trust boundaries explicit, validate early, authorize before side effects, default to safer settings, and keep dangerous capabilities narrow and reviewable. Then pair that code discipline with dependency, runtime, and logging hygiene. In Clojure, secure coding is not a separate paradigm. It is explicit data flow plus disciplined boundary ownership.