Server-less has become mainstream, and all relevant cloud platforms offer corresponding runtime environments. Elixir or Erlang can only be used in a roundabout way or lose their charm because they require their own platform.
Starfish.team provides a payment processing platform called Hellgate. Our service can be complemented with extension points to map customer-specific use cases. We have provided server-less / function as a service as an ideal starting point for these extensions.
In this talk, we present an approach for executing customised extensions on the same runtime as our core system. This requires elementary security mechanisms, which we achieve by analysing the code of the functions. In contrast to conventional white listing approaches, we can execute much more specific code (in the sense of a DSL) and prevent malicious calls.