[erlang-questions] Erlang web framework

eigenfunction emeka_1978@REDACTED
Sat Dec 10 23:42:24 CET 2011



On Dec 10, 11:06 pm, Tristan Sloughter <tristan.slough...@REDACTED>
wrote:
> I've tried pretty much every Erlang web framework (some more than others).
>
> Could you explain what you mean about Lift's security, 'ajax+html component
> security'?

I am talking about security in the sense of the "Open Web Application
Security Project (OWASP)".
My time with WebObjects development taught me that securing web
applications is extremely difficult,
so that when the web framework can do it automatically, it is a great
win for everybody. WebObjects, Seaside,
and Lift use some type of identifier for all dynamically generated
HTML components, which makes them inherently secure,
compared to stateless web applications, against things like XSS
attacks or session replay attacks.

> The main frameworks are: ChicagoBoss (Railish), Nitrogen (event-based
> architecture), Zotonic (a CMS/framework in my opinion, they may just say
> CMS), Erlang Web (the one I have least played with but does seem the most
> OTP fitting) and Erlyweb.
>
> I haven't personally been happy with building full projects in any of these
> (though Zotonic has been GREAT for projects that just need a CMS like my
> wedding website, and Chicago BOSS looks great for MVC style Erlang web
> development) and now I'm doing my own which is based on Webmachine and
> Batman.js with security based on resource access control using Seresye (https://github.com/afiniate/seresye) and an Erlang security framework
> Genbu.
>
> So the idea is the client is built completely in Batman.js and communicates
> (JSON) with the Webmachine based RESTful interface of the backend (which I
> am greatly simplifying the necessary steps needed to build). And then all
> security on the backend is based on the idea of writing a rules engine with
> Seresye which will be simplified for web resource/db use as part of Genbu
> (which I am moving all web session, authentication logic from Maru to).
>
> I hope to have the pieces for Genbu and Maru and an example, for others to
> start using it, committed tomorrow or sometime this week, but
> http://claimstrade.github.com/maru/ is the "idea" -- well it's more than an
> idea I am building this while building a real business on top of it. So it
> is taking what I find I need as I build the business and then adding it to
> the framework, or taking out and moving to the framework. Also is based on
> a couple years of Webmachine based web development and what I saw went
> wrong in some cases as we did so.
I find the idea quite interesting and will check that out.

> That said, and even though this is an Erlang list so I hope I'm not yelled
> at :), I have to also point you at Opa (http://opalang.org/) because I
> really like it for building sites. And it is very secure
> and statically typed (even your frontend code is compiled and type
> checked!).

I did some OCaml when I was at the university and liked Opa when
I first saw it.
But I tried some of the examples and they were not working. That turned
me off.
Might check that again later.
Thank you.


