Enterprise Erlang Beams?
Joachim Durchholz
joachim.durchholz@REDACTED
Wed Aug 27 12:13:05 CEST 2003
Vlad Dumitrescu wrote:
> [lots of things I agree with]
>
> - An aspect where Java has the upper hand is security: JVM is acting as a
> sandbox, while BeamVM isn't. This might be important.
This is definitely important.
The slew of "security advisories" for Java and JavaScript has also shown
that it's not easy to get right. The challenge is determining what
activities should be allowed for the sandboxed applications: there are
many legitimate and illegitimate uses, and there is considerable overlap
that forces the design to differentiate even more precisely.
An example: it's legitimate to write temporary data to disk. It's
illegitimate to overwrite system files. So be more precise: it's
legitimate to write temporary files and to files that have been
submitted by the end user. But then it's illegitimate to hog the disk,
so we need a size limit of files written.
And that's just writing to files, there are dozens of other issues...
There's another question: Java and JavaScript are already there. Will
Erlang as a browser plug-in offer any serious advantages /for the end user/?
I suspect the answer is No, so nobody will want to install the plug-in.
So concentrating on the server side is probably a better approach.
(Sure enough somebody will write the plug-in anyway... the interesting
question being whether it's going to be maintained.)
Just my 2c.
Jo
More information about the erlang-questions
mailing list