Erlang: securing apply/3 in an RPC server

I'm looking to build a fairly straight forward RPC server. Clients should be able to send messages to the server with MFA style messages, and the server will know what to do from there, be it search the cache for some data, or invoke some web services, etc. My question is two fold:

• What kind of performance impact will it have to use apply/3 in my project exclusively for mapping messages from a client to module:function/arguments

  开发者_开发问答

• Is the best way to secure this by creating a white list of what modules can be invoked? I want to make sure users do not rm -fr my server.

What are some ways of going about this? Some code for a white list would be great also.

Currently there's no native mechanism to restrict function calls in Erlang. Right now, it's cookies for authentication and something like SSL for transport security.