I suppose server admins have always been concerned about security when allowing clients to send scripts. We haven't had very many easy solutions such us AskVM for running these programs in a custom context (see https://news.ycombinator.com/item?id=23302670 for more). Here, more security allows better expressibility, which helps with the performance. Trust leads to better systems.
eval( <javascript> ) is terrible at ensuring security. Query programs are executed against the same environment as your own programs!
ask { <askscript> } runs on AskVM which is a separate execution context that you define yourself with the exact set of resources, values and limits the each incoming program needs. AskVM is currently implemented in JavaScript. We plan to port it to Python, C and AskScript very soon.
6 comments
[ 3.1 ms ] story [ 25.1 ms ] threadMarcin Hagmajer ~ AskQL Core Team, xFAANG
ask { <askscript> } runs on AskVM which is a separate execution context that you define yourself with the exact set of resources, values and limits the each incoming program needs. AskVM is currently implemented in JavaScript. We plan to port it to Python, C and AskScript very soon.
Check out https://humanwhocodes.com/blog/2010/10/26/wanted-dynamic-exe... to learn more about this subject.
Sorry to have taken almost an hour to get back to you, we're talking with a few people at the moment. The code is live for 6 hours already.
Marcin Hagmajer ~ AskQL Core Team, xFAANG