[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Simple Lua for scripts
- From: Jamie Webb <j@...>
- Date: Tue, 23 Aug 2005 12:41:36 +0100
On Mon, Aug 22, 2005 at 10:58:25PM -0300, Alain wrote:
> That is ok and most of the time works. Users most of the time have a way
> of transforming a situation, and then is when I don't trust them.
> If a user can say: "The specs say it is Lua code, this is Lua code so it
> should work for you too". That is when they get most agressive. When I
> can say that it isn *not* lua, but something with special limitation and
> if I can enforce such limitations, then I *can*trust* the users because
> they have no ground for argueing.
> In the last years, I learned some interesting things about users: if
> they thing that they will get away with it, they will try to break it.
> If they feel that you can catch them (audit logs, video recordings) then
> they don't even try.
So, replace all the 'dangerous' functions with:
This function is disabled. You are very bad for trying to use it. The
system administrator has been notified. Big brother is watching.
If you run Lua with a sandbox, it /is/ a restricted version and you
/can/ enforce that. And you /can/ tell your users it's a restricted
version. Why are you so convinced that sandboxing won't do what you
-- Jamie Webb