[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: RE: Security (was RE: Memory limits)
- From: "Kevin Baca" <lualist@...>
- Date: Thu, 9 Oct 2003 11:12:51 -0700
I haven't seen anything like this on the Wiki, but I am very interested
to see what others have done, so I took the liberty of adding a page:
and an article on making tables read-only.
I'm eager to see the techniques others are using to make their scripts
more robust and secure.
> Script "security" seems to be a typical issue.
> This just came up as "I want to be able to safely share the
> base libraries between scripts", and frequently comes up from
> the other side of the fence as "I want to sandbox individual
> scripts", and can even come up as complaints about the time
> needed to initialize a Lua state (as you can't trust scripts
> to leave the libraries and other globals unmolested).
> I have to admit that I very quickly came to feel competent
> enough with Lua to figure out the work arounds to these
> issues (Lua's just so darn well laid out ;), but I never
> trust that whatever time I spend thinking about security
> "what ifs" is sufficient, so.....
> It would be very nice if some people donated their ideas and
> someone compiled them into a simple "issues to consider /
> recommended practices document". This may already exist on
> the Wiki, but it would be very nice to see this boiled down
> and either included with the manual as an appendix or placed
> right along side the manual on the Lua sight. (um so what do
> you think about that idea LHF et al?)