Jaws - coming soon - testers and advice wanted
Joe Armstrong (AL/EAB)
joe.armstrong@REDACTED
Mon Feb 20 13:43:58 CET 2006
No - javascript is executed on the client - never the server. Nothing
you can do on the client can damange the sever
*provided* the server code is safely compiled.
I guess I omitted to say that in my "safe" mode of compilation
*everything* is compiled with a safety wrapper (ie including
BIFs) - thus
apply(M, F, A) is transformed to safe:do(erlang, apply, [M,F,A])
and
list_to_atom(X) to safe:do(erlang, list_to_atom, [X])
Then safe:do/3 can be written with any policy you like - to enable or
disable more or less risky operations
/Joe
________________________________
From: owner-erlang-questions@REDACTED
[mailto:owner-erlang-questions@REDACTED] On Behalf Of Alex Arnon
Sent: den 20 februari 2006 12:49
To: erlang-questions@REDACTED
Subject: Re: Jaws - coming soon - testers and advice wanted
Could the Javascript apply(...) binding cause new atoms to be
created? In that case, wouldn't that constitute a security hazard?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20060220/6baf265c/attachment.htm>
More information about the erlang-questions
mailing list