[erlang-questions] Preventing calling some functions

Jayson Vantuyl <>
Sun Dec 13 14:40:52 CET 2009


> Hi,
> 
> I don't see why I should have more trust and confidence in the creator of the server application itself then in the creator of a plugin.
> If I want to restrict a plugin from doing something particular on my machines, I would restrict the server itself in the first place.
I don't particularly buy this.  I think that there are plenty of reasons to lock-down a plug-in that have nothing to do with trusting the author or not.  If security is at all a concern, it's perfectly reasonable to attempt to achieve a high-level of compartmentalization between components.  The principle of least privilege is a good one, even within an application.  The plug-in author doesn't have to be malicious for her code to be abused.

> Your second point sounds like "defensive programming". See: http://www.erlang.se/doc/programming_rules.shtml#HDR11
I heartily agree on this point.


-- 
Jayson Vantuyl








More information about the erlang-questions mailing list