I'm trying to figure out if Node will work for our platform or not (or even V8 in general). We're planning a rewrite. We use PHP. We need to allow users to write server-side plugins. For it to be secure in PHP we'd have to write a "language" using flex/bison to eliminate dynamic function calling and only allow whitelisted functions. I can do this. But users would have to learn this "new language". Most users, if they have any "web development" experience, are going to be more familiar with JavaScript. So I'm looking at V8, and thus I found Node.js.

Node.js seems very promising. Write the same code on the server side and the client side - one language instead of two. JavaScript has an event and async model built in. Node.js provides a single application instance. Awesome. But what makes Node.js harder to swallow is the single thread. First off - I get it. No argument from me. You guys won't do a "thread pool"/"fibers", I understand your reasoning. In most projects this is OK because the developer has complete control over what code is executed. The code can be written in an async manner.

What I'm trying to figure out is what to do when I want users to write plugins (untrusted code). I only want them to have access to (1) what V8 vanilla provides and (2) a few classes that provide context-sensitive functions. But with a single thread, malicious code goes well beyond what the user can access - it also includes writing code that blocks. As I understand it, the only way to ensure a user can't jailbreak or block the event loop is to run their code in a separate thread, which is something that won't happen in Node.js. There was some mention of user-land solutions. But this makes me hesitant, because wouldn't a "user-land" solution be written in JavaScript?

What I'm looking for would be very much like how Chrome isolates tabs. Pages from different tabs can't communicate, and if one freezes the whole browser doesn't lock up. You can either close the frozen tab and/or open another one. I'm not asking you to include this in the core. I'm just trying to figure out if Node.js works for me in this situation. If there are solutions using Node.js, let me know. If there aren't and Node.js isn't the right fit, tell me. If Node.js doesn't work for me, are there server V8 projects that would be more appropriate, like v8cgi, or should I just stick with PHP?

Also, what kind of applications would you not trust on Node.js?
Should someone like Amazon trust Node to power their shopping cart knowing that having the one thread fail could prematurely cut off thousands of in-progress transactions? I'm sure Node.js isn't intended to be the "fit all" solution for everything. But are there things you would say "you should never use Node for X, but it would be great for Y"?

Thank you for your patience :)!
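The blocking concern raised in the message above, sketched as an added example (not part of the original post and not Node's own code): each plugin runs on its own thread via Node's `worker_threads` module and is terminated by a watchdog, so a looping plugin cannot stall the main event loop. `runPlugin`, `BOOTSTRAP` and the `api` object are hypothetical names; the example covers blocking only, since Node documents `vm` as not being a security mechanism, so containing hostile code still needs an OS-level boundary such as a separate low-privilege process.

```javascript
// Added example: run untrusted plugin source on a worker thread with a
// watchdog, so a blocking plugin cannot freeze the host's event loop.
const { Worker } = require('node:worker_threads');

// Code executed inside the worker. The plugin is evaluated in a fresh vm
// context whose only global is `api` (a hypothetical host-provided object).
// node:vm narrows what is in scope; it is NOT a security boundary.
const BOOTSTRAP = `
  const { parentPort, workerData } = require('node:worker_threads');
  const vm = require('node:vm');
  const context = vm.createContext({ api: { add: (a, b) => a + b } });
  const value = vm.runInContext(workerData.source, context);
  parentPort.postMessage({ value }); // value must be structured-cloneable
`;

// Resolves to { status: 'ok' | 'error' | 'timeout', ... }; never rejects.
function runPlugin(source, timeoutMs = 2000) {
  return new Promise((resolve) => {
    const worker = new Worker(BOOTSTRAP, {
      eval: true,
      workerData: { source },
      resourceLimits: { maxOldGenerationSizeMb: 64 }, // cap the plugin's heap
    });
    let settled = false;
    const finish = (result) => {
      if (settled) return;
      settled = true;
      clearTimeout(watchdog);
      worker.terminate(); // stops the thread even in the middle of a loop
      resolve(result);
    };
    // The watchdog runs on the main thread, which the plugin cannot block.
    const watchdog = setTimeout(() => finish({ status: 'timeout' }), timeoutMs);
    worker.once('message', (m) => finish({ status: 'ok', value: m.value }));
    worker.once('error', (e) => finish({ status: 'error', message: e.message }));
    worker.once('exit', () => finish({ status: 'error', message: 'worker exited' }));
  });
}
```

`runPlugin('while (true) {}', 300)` resolves to `{ status: 'timeout' }` after roughly 300 ms, and timers on the main thread keep firing while the plugin spins.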
