Jaws - coming soon - testers and advice wanted

Joe Armstrong (AL/EAB) <>
Mon Feb 20 13:43:58 CET 2006


No - javascript is executed on the client - never the server. Nothing
you can do on the client can damange the sever
*provided* the server code is safely compiled.
 
I guess I omitted to say that in my "safe" mode of compilation
*everything* is compiled with a safety wrapper (ie including
BIFs) - thus 
 
    apply(M, F, A) is transformed to safe:do(erlang, apply, [M,F,A])
 
and
   
   list_to_atom(X) to safe:do(erlang, list_to_atom, [X])
    
   Then safe:do/3 can be written with any policy you like - to enable or
disable more or less risky operations
 
/Joe
 



________________________________

	From: 
[mailto:] On Behalf Of Alex Arnon
	Sent: den 20 februari 2006 12:49
	To: 
	Subject: Re: Jaws - coming soon - testers and advice wanted
	
	
	Could the Javascript apply(...) binding cause new atoms to be
created? In that case, wouldn't that constitute a security hazard?
	
	

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20060220/6baf265c/attachment.html>


More information about the erlang-questions mailing list