Thanks for the reply, Ulf. This seems like the inverse of what I want, if I'm understanding it correctly. This allows the client to run untrusted code on the server, right? What I want is to have the server run trusted code on the client and be able to trust the result.
<br><br>So, let me break it down a little more...<br><br>- Client connects to server.<br>- Server sends code to client<br>- Client runs process<br>- Clients sends result to server<br>- Server trusts client result<br><br>In the middle of this is the fact that I don't really trust the client, so I would have to know that the result I get from the client is actually the result of running the process I sent to the client and not the result of some hack. In general, there are two hack concerns: hacking the running process to process differently and hacking the resulting data stream to give a fake result.
<br><br>I realize that this may be wishful thinking, but a month ago, having a system that would scale significantly without introducing unbelievable complexity into my code was also wishful thinking; then I found Erlang. :)
<br><br>tj<br><br><div class="gmail_quote">On Jan 7, 2008 12:01 AM, Ulf Wiger (TN/EAB) <<a href="mailto:ulf.wiger@ericsson.com">ulf.wiger@ericsson.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Travis Jensen skrev:<br><div class="Ih2E3d">> I've been looking around online and haven't seen anything to contradict<br>> what I assume to be the case, but I'm unfamiliar enough with Erlang that<br>> I figure I should ask.
<br>><br>> Assuming I have a server on one system and a client on another system<br>> that exists out somewhere else in the broad, scary internet. The server<br>> is trusted, the client is not. The network connection between the two
<br>> is not trusted.<br>><br>> Is there any way to run trusted code on the client?<br><br></div>As far as I know, the closest you will get right now with<br>Erlang is ErlHive.<br><br> <a href="http://erlhive.sourceforge.net/" target="_blank">
http://erlhive.sourceforge.net/</a><br><br>ErlHive is sort of presented as a web application development<br>framework, but is really mainly a multi-user back-end with<br>safe code execution. It happens to have a front-end application
<br>which hooks into Yaws, and enables user authentication via<br>HTTP.<br><br>ErlHive is able to compile modules from source, or interpret<br>erlang expressions. It forbids operations that are not known<br>to be safe, but also offers safe alternatives to many
<br>operations that normally wouldn't be: a virtual file system,<br>process spawning, send & receive, ets tables, etc. All code<br>runs inside mnesia transactions.<br><br>BR,<br>Ulf W<br></blockquote></div><br><br clear="all">
<br>-- <br>Travis Jensen<br><a href="mailto:travis.jensen@gmail.com">travis.jensen@gmail.com</a><br><a href="http://cmssphere.blogspot.com/">http://cmssphere.blogspot.com/</a><br>Software Maven * Philosopher-in-Training * Avenged Nerd