[erlang-questions] Securely running code on an untrusted client
Mon Jan 7 20:22:56 CET 2008
Thanks for the reply, Ulf. This seems like the inverse of what I want, if
I'm understanding it correctly. This allows the client to run untrusted
code on the server, right? What I want is to have the server run trusted
code on the client and be able to trust the result.
So, let me break it down a little more...
- Client connects to server.
- Server sends code to client
- Client runs process
- Clients sends result to server
- Server trusts client result
In the middle of this is the fact that I don't really trust the client, so I
would have to know that the result I get from the client is actually the
result of running the process I sent to the client and not the result of
some hack. In general, there are two hack concerns: hacking the running
process to process differently and hacking the resulting data stream to give
a fake result.
I realize that this may be wishful thinking, but a month ago, having a
system that would scale significantly without introducing unbelievable
complexity into my code was also wishful thinking; then I found Erlang. :)
On Jan 7, 2008 12:01 AM, Ulf Wiger (TN/EAB) <ulf.wiger@REDACTED> wrote:
> Travis Jensen skrev:
> > I've been looking around online and haven't seen anything to contradict
> > what I assume to be the case, but I'm unfamiliar enough with Erlang that
> > I figure I should ask.
> > Assuming I have a server on one system and a client on another system
> > that exists out somewhere else in the broad, scary internet. The server
> > is trusted, the client is not. The network connection between the two
> > is not trusted.
> > Is there any way to run trusted code on the client?
> As far as I know, the closest you will get right now with
> Erlang is ErlHive.
> ErlHive is sort of presented as a web application development
> framework, but is really mainly a multi-user back-end with
> safe code execution. It happens to have a front-end application
> which hooks into Yaws, and enables user authentication via
> ErlHive is able to compile modules from source, or interpret
> erlang expressions. It forbids operations that are not known
> to be safe, but also offers safe alternatives to many
> operations that normally wouldn't be: a virtual file system,
> process spawning, send & receive, ets tables, etc. All code
> runs inside mnesia transactions.
> Ulf W
Software Maven * Philosopher-in-Training * Avenged Nerd
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions