Jaws - coming soon - testers and advice wanted
Alex Arnon
alex.arnon@REDACTED
Mon Feb 20 14:24:34 CET 2006
On 2/20/06, Joe Armstrong (AL/EAB) <joe.armstrong@REDACTED> wrote:
>
> No - javascript is executed on the client - never the server. Nothing you
> can do on the client can damange the sever
> *provided* the server code is safely compiled.
>
> I guess I omitted to say that in my "safe" mode of compilation
> *everything* is compiled with a safety wrapper (ie including
> BIFs) - thus
>
> apply(M, F, A) is transformed to safe:do(erlang, apply, [M,F,A])
>
> and
>
> list_to_atom(X) to safe:do(erlang, list_to_atom, [X])
>
> Then safe:do/3 can be written with any policy you like - to enable or
> disable more or less risky operations
>
> /Joe
>
>
> ------------------------------
> *From:* owner-erlang-questions@REDACTED [mailto:
> owner-erlang-questions@REDACTED] *On Behalf Of *Alex Arnon
> *Sent:* den 20 februari 2006 12:49
> *To:* erlang-questions@REDACTED
> *Subject:* Re: Jaws - coming soon - testers and advice wanted
>
> Could the Javascript apply(...) binding cause new atoms to be created? In
> that case, wouldn't that constitute a security hazard?
>
> So this would enable me to define explicit "bindings" to server-side
functionality - excellent!
BTW, how can one check if a string represents an existing atom or not?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20060220/7a2be1b2/attachment.htm>
More information about the erlang-questions
mailing list