[erlang-questions] Erlang web framework
Tristan Sloughter
tristan.sloughter@REDACTED
Sun Dec 11 01:37:51 CET 2011
>
> My time with webobjects development taught me that securing web
> applications is extremely difficult, so that when the web-framework can
> do it automatically, it is a great win for everybody.
Can't agree more. I really liked with Opa that SQL Injection and XSS were
taken care of. Of course, I know it can't be perfect on stopping XSS
attacks but its still very nice to have that built in. Like I wrote a
little project Opado without caring about security since I was just
learning at the time. And of course people tried, as you can see form name
examples here http://opado.org/admin (takes a bit of time to load), but Opa
catches it.
And you can't have SQL injection if you don't use any SQL :)
So Maru won't have to worry about SQL injection... but XSS I'm not sure
what to do about yet and some other things I'm not sure what to do about
yet. Besides the obvious things like using SSL for everything so sessions
can't be stolen and I run through CloudFlare.
I'd love to be able to say security was a major feature of Maru, especially
since I'm basing my business on this technology, haha, so if you have any
suggestions from your experience please let me know and any resources links
would be great -- we can take that off list.
And I hope Genbu (the apps where the security will be actually implemented
for users, sessions, resource control rules, etc) will be able to be used
in other frameworks to have a nice core secure and community tested Erlang
set of apps for this that can be used by any framework or webserver. Sort
of like Apache Shiro.
But i tried some of the examples and it was not working.
You should definitely give it another shot. Maybe the new version S4 will
work easier for you. I found it simple to start with as it just compiles to
a single binary that you run, not having to worry with starting any
services or installing other dependencies (unless you want distribution, in
which case you need HAProxy).
Tristan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20111210/af6db811/attachment.htm>
More information about the erlang-questions
mailing list