> JavaScript gets analysed and minified by different tools, you'll have a > choice between serveral AST parsers to start your creation of a DSL for > your users (even and especially if it means a subset of the > JavaScript/EcmaScript language). Maybe you can even prevent users to > write code which wedges the eventloop. > > As for the rest (threads etc.), I think this is a complicated territory > which PHP does not master at all (please prouve me wrong, that will help > me regain respect to PHP again). And nodejs trys to cover, but does not > with sufficient "stability" (node is just too young, this is an > untested/unexplored domain in development, portability). Still v8 > sandboxing seems the way to go (no idea though how this is going to be > done). > > Ph >
I would only have to go the AST route if generating PHP code. PHP has a lot of dangerous features that make it difficult to run untrusted code securely. I'm assuming that if I were to run an isolated V8 process/thread that it would be very similar to Chrome's tabs. Each is isolated and can't touch the system. Actually PHP masters this quite well, you just have to ditch Apache. mod_php sucks because it embeds PHP into every Apache worker, even for static requests (eats memory). mod_fcgid and mod_fastcgi (maintains PHP worker pool) are buggy, and cache engines like APC can't communicate across PHP workers so each have their own separate cache (eats memory). mod_fcgid blocks but is better maintained, but mod_fastcgi doesn't but and isn't really maintained. If you use PHP-FPM (fast cgi process manager) you'll get a much better experience (usually used with Nginx). The difference between PHP-FPM and PHP-fastcgi is PHP itself has a master process that manages workers. APC communicates through the master process so cache is shared efficiently. You can restart PHP without touching the web server. Heck, you can even reload the configuration without interrupting a request. On Sunday, March 4, 2012 9:17:41 PM UTC-8, Mihai Tomescu wrote: > > I was working on a project a while ago where i wanted to do something like > this and you can do it pretty easily like this: > > I had one process which was the master 'plugin master' which spawned 5 > child 'plugin workers'. > The master and workers can talk via the ipc pipes if your only using node > processes or use some other messaging if ur doing non-node stuff (i like > zmq). > Then, the master dispatches a task to a worker which executes the task in > a new v8 context. > Now, depending on the security that you want you can either pool tasks on > one worker and run them all on the same context or you can run each one in > a separate process. > Then depending on your load, you can have your master spawn more / less > children. > > Does this work for you? > > I guess the only problem is that you can't create thousands of workers all > the time or you'll kill the scheduler. > I think that may be what I'm after. Security is very important. With PHP I have a "thread/process pool" per request anyway. Each request is short lived. How would I set this up ? How would I handle events? > > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
