Hardening Drupal with WebAssembly

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Proxy WASM WebAssembly envoy envoyproxy

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • spec

    WebAssembly for Proxies (ABI specification) (by proxy-wasm)

    • Wasm Labs dev here :)

    In mod_wasm, there are some differences with a pure CGI implementation. When Apache boots, it loads the configuration and initializes the WasmVM. When a new HTTP request arrives, the VM is ready so you don't need to initialize a different process to manage it.

    You still need to process the request and pass the data to the Wasm module. This step is done via STDIN through the WebAssembly System Interface (WASI) implementation [0]. The same happens in the opposite direction, as the module returns the data via STDOUT.

    So, the CGI pattern is still there, but it doesn't require new processes and all the code runs in a sandbox.

    However this is not the only way you can run a Wasm module. In this specific case, we use CGI via WASI. In other cases, you may compile a module to fulfill a specific API, like ProxyWasm [1] to create HTTP filters for proxies like Envoy.

    - [0] https://wasi.dev/

    - [1] https://github.com/proxy-wasm/spec

  • wasi-libc

    WASI libc implementation for WebAssembly

    • Wasm Labs dev here :)

    In mod_wasm, there are some differences with a pure CGI implementation. When Apache boots, it loads the configuration and initializes the WasmVM. When a new HTTP request arrives, the VM is ready so you don't need to initialize a different process to manage it.

    You still need to process the request and pass the data to the Wasm module. This step is done via STDIN through the WebAssembly System Interface (WASI) implementation [0]. The same happens in the opposite direction, as the module returns the data via STDOUT.

    So, the CGI pattern is still there, but it doesn't require new processes and all the code runs in a sandbox.

    However this is not the only way you can run a Wasm module. In this specific case, we use CGI via WASI. In other cases, you may compile a module to fulfill a specific API, like ProxyWasm [1] to create HTTP filters for proxies like Envoy.

    - [0] https://wasi.dev/

    - [1] https://github.com/proxy-wasm/spec

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • php

    PHP compiled to WebAssembly (by wapm-packages)

    • Is that possible, though? To compile PHP to WASM seems possible¹, but not sure if Drupal can be compiled: drupal does (did? back when I did Drupal it certainly did. I certainly did) some really funky metaprogramming and eval() stuff. Like keeping PHP in the database.

    ¹https://github.com/wapm-packages/php

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts