lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Hi,

The Kepler Project team is using a very similar solution to isolate CGILua
5.0 requests. We have a sandbox library that allows the separation of
contexts between user scripts.

The sandbox creator function receives a function F and an "allowed global
functions in F" table, returning the sandboxed F.

Peter Hickman's example could be used as

s1 = "x = 42"
s2 = "print(x)"

c1 = loadstring(s1)
c2 = loadstring(s2)

allowed = {print = true}

sandbox(c2, allowed)()
sandbox(c1, allowed)()
sandbox(c2, allowed)()

resulting in

nil
nil

as expected.

Peter, maybe you can also use CGILua 5.0 to handle your scripts since the
syntaxes are very close.

The script

[% io.write(os.date("%Y/%m/%d %H:%M:%S")) %]</p>
<p>We can also calculate 1 + 1 = [% io.write(1 + 1)%]

would be written as

<%= os.date("%Y/%m/%d %H:%M:%S")%></p>
<p>We can also calculate 1 + 1 = <%= 1 + 1%>

Notice that the absence of the explicit io.write call allows the same
template to be used in CGI/FCGI handlers as much as mod_lua/ISAPI/Servlet
handlers.

We have already reached alpha for CGILua 5.0 and we should release it in the
Kepler Project site as soon as the packaging is finished (that should take
about one more week from now).

The Kepler team will be also releasing the sandbox library as a standalone
subproject and the alpha version of Xavante (a CGILua enabled Lua web
server).

Andre Carregal
www.keplerproject.org



> -----Original Message-----
> From: lua-bounces@bazar2.conectiva.com.br
> [mailto:lua-bounces@bazar2.conectiva.com.br]On Behalf Of Kevin Baca
> Sent: Tuesday, March 30, 2004 12:21 PM
> To: 'Lua list'
> Subject: RE: Controlling scoping
>
>
> I'm not sure why that's working for you.
>
> What you want is called a "sandbox".  Search the archives for
> "sandbox"
> for some interesting discussions.