Jaws - coming soon - testers and advice wanted

Alex Arnon <>
Mon Feb 20 14:24:34 CET 2006


On 2/20/06, Joe Armstrong (AL/EAB) <> wrote:
>
> No - javascript is executed on the client - never the server. Nothing you
> can do on the client can damange the sever
> *provided* the server code is safely compiled.
>
> I guess I omitted to say that in my "safe" mode of compilation
> *everything* is compiled with a safety wrapper (ie including
> BIFs) - thus
>
>     apply(M, F, A) is transformed to safe:do(erlang, apply, [M,F,A])
>
> and
>
>    list_to_atom(X) to safe:do(erlang, list_to_atom, [X])
>
>    Then safe:do/3 can be written with any policy you like - to enable or
> disable more or less risky operations
>
> /Joe
>
>
>  ------------------------------
> *From:*  [mailto:
> ] *On Behalf Of *Alex Arnon
> *Sent:* den 20 februari 2006 12:49
> *To:* 
> *Subject:* Re: Jaws - coming soon - testers and advice wanted
>
> Could the Javascript apply(...) binding cause new atoms to be created? In
> that case, wouldn't that constitute a security hazard?
>
> So this would enable me to define explicit "bindings" to server-side
functionality - excellent!
BTW, how can one check if a string represents an existing atom or not?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20060220/7a2be1b2/attachment.html>


More information about the erlang-questions mailing list