Sun Feb 5 15:33:13 EST 2017

Storing closures in BERT

How insane an idea is it to just trust the browser with storing raw
closures in serialzed form?  As long as they are opaque and
tamper-proof, this should be possible.

I.e. it doesn't matter that the browser code can read the closure
information, but it is a little problematic if it can construct an
arbitrary closure.

So essientially, it doesn't need to be encrypted, but it does need to
be authentic, i.e. generated by the server.

Looks like HMAC is what I want:


http://erlang.org/doc/man/crypto.html -> hmac