lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 

I haven't seen anything like this on the Wiki, but I am very interested
to see what others have done, so I took the liberty of adding a page:

http://lua-users.org/wiki/ScriptSecurity

and an article on making tables read-only.

I'm eager to see the techniques others are using to make their scripts
more robust and secure.

-Kevin

> 
> Script "security" seems to be a typical issue.
> 
> This just came up as "I want to be able to safely share the 
> base libraries between scripts", and frequently comes up from 
> the other side of the fence as "I want to sandbox individual 
> scripts", and can even come up as complaints about the time 
> needed to initialize a Lua state (as you can't trust scripts 
> to leave the libraries and other globals unmolested).
> 
> I have to admit that I very quickly came to feel competent 
> enough with Lua to figure out the work arounds to these 
> issues (Lua's just so darn well laid out ;), but I never 
> trust that whatever time I spend thinking about security 
> "what ifs" is sufficient, so.....
> 
> It would be very nice if some people donated their ideas and 
> someone compiled them into a simple "issues to consider / 
> recommended practices document".  This may already exist on 
> the Wiki, but it would be very nice to see this boiled down 
> and either included with the manual as an appendix or placed 
> right along side the manual on the Lua sight. (um so what do 
> you think about that idea LHF et al?)
>