[erlang-questions] Securely running code on an untrusted client

Travis Jensen <>
Mon Jan 7 20:22:56 CET 2008


Thanks for the reply, Ulf.  This seems like the inverse of what I want, if
I'm understanding it correctly.  This allows the client to run untrusted
code on the server, right?  What I want is to have the server run trusted
code on the client and be able to trust the result.

So, let me break it down a little more...

- Client connects to server.
- Server sends code to client
- Client runs process
- Clients sends result to server
- Server trusts client result

In the middle of this is the fact that I don't really trust the client, so I
would have to know that the result I get from the client is actually the
result of running the process I sent to the client and not the result of
some hack.  In general, there are two hack concerns: hacking the running
process to process differently and hacking the resulting data stream to give
a fake result.

I realize that this may be wishful thinking, but a month ago, having a
system that would scale significantly without introducing unbelievable
complexity into my code was also wishful thinking; then I found Erlang. :)

tj

On Jan 7, 2008 12:01 AM, Ulf Wiger (TN/EAB) <> wrote:

> Travis Jensen skrev:
> > I've been looking around online and haven't seen anything to contradict
> > what I assume to be the case, but I'm unfamiliar enough with Erlang that
> > I figure I should ask.
> >
> > Assuming I have a server on one system and a client on another system
> > that exists out somewhere else in the broad, scary internet.  The server
> > is trusted, the client is not.  The network connection between the two
> > is not trusted.
> >
> > Is there any way to run trusted code on the client?
>
> As far as I know, the closest you will get right now with
> Erlang is ErlHive.
>
>   http://erlhive.sourceforge.net/
>
> ErlHive is sort of presented as a web application development
> framework, but is really mainly a multi-user back-end with
> safe code execution. It happens to have a front-end application
> which hooks into Yaws, and enables user authentication via
> HTTP.
>
> ErlHive is able to compile modules from source, or interpret
> erlang expressions. It forbids operations that are not known
> to be safe, but also offers safe alternatives to many
> operations that normally wouldn't be: a virtual file system,
> process spawning, send & receive, ets tables, etc. All code
> runs inside mnesia transactions.
>
> BR,
> Ulf W
>



-- 
Travis Jensen

http://cmssphere.blogspot.com/
Software Maven * Philosopher-in-Training * Avenged Nerd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20080107/9623da9a/attachment.html>


More information about the erlang-questions mailing list