Re: Lua Syntax as a Wire Format?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Lua Syntax as a Wire Format?
From: Roberto Ierusalimschy <roberto@...>
Date: Mon, 25 Mar 2002 11:41:12 -0300

> Could you still have a denial of service attack where looping code is
> sent to the server?

You can use linehooks to prevent that (but that is not my point, see
below).


> Scheme's advantage is that you can treat code as data and check it.

Yes, but that check is non trivial, and the possibility of bugs in it
are endless. And each bug is a security hole.

I am not saying that the Lua solution does not have security holes. My
point is that, if you are not concerned with security, it is easier to
use Lua. If you are concerned, it is better not to send code, whatever
the language. (Or else, you should solve your security problems in
another level (for instance with encoded messages), not by checking
code.)

-- Roberto

Follow-Ups:
- Re: Lua Syntax as a Wire Format?, Reuben Thomas

References:
- Re: Lua Syntax as a Wire Format?, Christian Lindig

Prev by Date: Re: Lua Syntax as a Wire Format?
Next by Date: Re: Lua Syntax as a Wire Format?
Previous by thread: Re: Lua Syntax as a Wire Format?
Next by thread: Re: Lua Syntax as a Wire Format?
Index(es):
- Date
- Thread