[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: OO - keeping lua as lua
- From: Mark Hamburg <mhamburg@...>
- Date: Tue, 25 Jan 2005 10:57:22 -0800
on 1/25/05 9:43 AM, PA at firstname.lastname@example.org wrote:
> On Jan 25, 2005, at 18:29, Mark Hamburg wrote:
>> I can see an argument for wanting to protect consumers from sloppy or
>> malicious authors.
> What would be that argument? Getting out of your way to _enforce_ some
> notion of what is good and what is not is a bit condescending to your
> potential users, no?
Trashing the user's database is unlikely to be viewed as good. Destabilizing
the application is unlikely to be viewed as good.
The feature for users from protection is that they can feel a bit more
confident in running scripts they didn't write themselves.
> In any case, nothing beat good, old fashioned documentations :)
My users aren't script writers. They are script consumers. Documenting how
to use the system won't protect them.
>> An extension script might not work, but it would be nice if it couldn't
>> cause damage throughout the system.
> If it's so important for your project to protect the innocents from
> themselves, then "sandbox" your application/library/whatnot one way or
> another. But this seems to be a lost cause: if people want to shot
> themselves in the foot, they will, no matter what.
The issue is that sandboxing data is relatively difficult, but see my longer
message from this morning on ways to do it.