lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> Could you still have a denial of service attack where looping code is
> sent to the server?

You can use linehooks to prevent that (but that is not my point, see
below).


> Scheme's advantage is that you can treat code as data and check it.

Yes, but that check is non trivial, and the possibility of bugs in it
are endless. And each bug is a security hole.

I am not saying that the Lua solution does not have security holes. My
point is that, if you are not concerned with security, it is easier to
use Lua. If you are concerned, it is better not to send code, whatever
the language. (Or else, you should solve your security problems in
another level (for instance with encoded messages), not by checking
code.)

-- Roberto