Hacker News new | past | comments | ask | show | jobs | submit login

That would assume you trust the server not to give you malicious machine code (which you of course cannot!). wasm is specified in such a way that it is still sandboxed by the VM that compiles it. If you fetch arbitrary machine code, you cannot verify it and that leads to huge security holes!



> which you of course cannot!

Didn't Google's NaCL implement verification of sandboxed machine code?


Maybe, but at what cost? I wouldn't be surprised if the cost of verifying the machine code was higher than the cost of compiling wasm to machine code.


Why can’t you just cache it with a hash?


How would the client know the hash is valid?


Perhaps he means you compile the code locally, hash it, and then next time you can fetch the compiled code from a server, and check the hash matches?


That's possible; a kind of second-level cache. That assumes the compilation is reproducible, though.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: