[erlang-questions] Two beautiful programs - or web programming made easy

Ryan Zezeski <>
Tue Feb 15 00:38:46 CET 2011


2011/2/14 Frédéric Trottier-Hébert <>
>
>
> This has *nothing* to do with encryption, and everything to do with not
> understanding the potential threats of the web correctly. It is an
> application-level issue, much like XSS is. And it's pretty damn important.
>
>
Except when it isn't.

You make a very impressive summarization of web security problems, but there
are many apps where these problems go away because they simply, don't,
matter.  For example, how about building a new interface to the appmon
application using this with Raphael or Protovis?  Do I really need to worry
about all this crap?  I'd argue, no.  If I'm using appmon it's behind a
firewall and I trust the user to be competent.  Just like 'rm -f' in unix.
Plus, who gives a sh*t (pardon my French) about a hijacked session when
someone else just cracked your gateway because of default passwords.  My
point being, there are so many doors, and this focuses on one.  Getting it
right is very hard, and thus very costly, and that's why I think the first
thing to ask is "Does this even need to be secure?"  Given enough time,
anything can be had.

If nothing else Joe has stumbled upon a way to rapidly produce nice-looking
and feature-rich GUIs in Erlang, and yet it seems everyone has somehow
missed this point and focused on security and support and whatnot.  I'm glad
there are Joes in the world, otherwise it would be a pretty boring place.

Don't let perfect get in the way of good enough.  As Joe said, life is too
[expletive deleted] short.

-Ryan

