lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Thanks Ben for the information, but that is not enough. It does protect a function to alter some things, but a skilled (auto-nominated) can use other ways to access what he is not suposed to use.

I what I really am looking for is validating a minimal Lua-subset and avoiding commands unknown by me to get into the scripts.

I am Ssorry to ask the same quastion 3 times, but I feel that I did not make myself clear enough :(

Alain

Ben Sunshine-Hill escreveu:
That's accomplished with setfenv.
On 8/22/05, Alain <alainm@pobox.com> wrote:


Aaron Brown escreveu:

Alain wrote:

I want to include Lua scripts in screen objects. My
concern is that I want to limit accessibility to too many
LUA commands, I want to limit the commands that he can
use.

If I understand what you're trying to do, it can be done
easily in stock Lua.  First use loadstring() to turn the
user's code into a function (this is where you catch any
syntax errors).  Then use setfenv() to keep the function
from accessing any dangerous globals.  This second step is
explained in section 14.3 of Programming in Lua:
<http://www.lua.org/pil/14.3.html>

Ok, that was very usefull information and I will probably use both. But
what I intended is something more restrictive. I want a syntax checker
that forbids access to many lua functions, just saying ok/notok. I am
thinking of a lexical analysis with only minimal lua syntax or something
like that...

The problem is that LUA is a powerfull language, and I don't want users
with all that power because I am the one who will have to give support
to the program. That means that if the user puts some statement in his
script he can do more that was intended fot him to do.



That's accomplished with setfenv. Just only put the safe functions in
the environment that is set for the function.

Ben