Enterprise Erlang Beams?

Joachim Durchholz <>
Wed Aug 27 12:13:05 CEST 2003


Vlad Dumitrescu wrote:
 > [lots of things I agree with]
> 
> - An aspect where Java has the upper hand is security: JVM is acting as a
> sandbox, while BeamVM isn't. This might be important.

This is definitely important.
The slew of "security advisories" for Java and JavaScript has also shown 
that it's not easy to get right. The challenge is determining what 
activities should be allowed for the sandboxed applications: there are 
many legitimate and illegitimate uses, and there is considerable overlap 
  that forces the design to differentiate even more precisely.

An example: it's legitimate to write temporary data to disk. It's 
illegitimate to overwrite system files. So be more precise: it's 
legitimate to write temporary files and to files that have been 
submitted by the end user. But then it's illegitimate to hog the disk, 
so we need a size limit of files written.
And that's just writing to files, there are dozens of other issues...

There's another question: Java and JavaScript are already there. Will 
Erlang as a browser plug-in offer any serious advantages /for the end user/?
I suspect the answer is No, so nobody will want to install the plug-in.
So concentrating on the server side is probably a better approach.
(Sure enough somebody will write the plug-in anyway... the interesting 
question being whether it's going to be maintained.)

Just my 2c.

Jo




More information about the erlang-questions mailing list