[erlang-questions] A safe Erlang for third party users

Ulf Wiger ulf.wiger@REDACTED
Wed May 26 09:57:30 CEST 2010


On 05/26/2010 05:06 AM, Jeff wrote:
> Is there a way to create a safe subset of Erlang which you could give an
> unknown person access to which is run on your own system? My thinking is
> something along the lines of: you have a web site which has aspects
> which are best controlled by a language, eg complex security for who can
> see what, etc. So rather than provide a list of check boxes, slider, and
> what not; You provide a file upload form and the user can upload a file.
> This is then compiled, and filtered for allowed and side effect free
> calls, etc before being allowed to execute on the web server's erlang
> vm. The filtering, I would image, would either be on the source code, on
> some partial compile of the file and/or on the compiled beam and would
> only permit expressly allowed function calls and parameters.

I did some work on that with erlhive:

http://erlhive.sf.net

"ErlHive - Safe Erlang Reloaded!" (EUC 2006)
http://erlang.mirror.su.se/euc/06/proceedings/1630Wiger.ppt

"Micro-fiddling with Erlhive" (blog article)
http://ulf.wiger.net/weblog/2009/03/10/micro-fiddling-with-erlhive/

I can safely say that it is very, very difficult to do this in a
sufficiently transparent way. I tried to come up with a reasonable
set of compromises, and put in quite some work to try to execute
as much mainstream erlang code as possible, but the low uptake
may suggest that this was not enough (to be clear, I did it
because it was an intriguing problem, so I'm not complaining).

Anyway, the idea of erlhive was to make it possible to have a
web site running hosted erlang code, where applications could
export a public API and at the same time hide private code and
data.

The thing that stopped my progress was that I tried to come up
with a good code management regime for the hosted apps, but
didn't manage to wrap it up neatly. Afterwards, I have thought
that the best way to proceed would be to lower the ambition level
and treat Erlang as a multi-user active database back-end, which
is also the jist of the blog article referenced above.

BR,
Ulf W
---------------------------------------------------

---------------------------------------------------

WE'VE CHANGED NAMES!

Since January 1st 2010 Erlang Training and Consulting Ltd. has become ERLANG SOLUTIONS LTD.

www.erlang-solutions.com



More information about the erlang-questions mailing list