[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Lua Browser Plugin
- From: David Given <dg@...>
- Date: Wed, 01 Aug 2007 14:41:03 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Ketmar Dark wrote:
> hello, David Given <email@example.com>.
>> Can the plugin download Lua code off the 'net and run it? Because if
>> so, this is a huge security risk --- it's not so much as a security
>> hole as a huge gaping abyss! And if it does so without asking the
>> user first (every time), then it probably also counts as a back
> hm... i always knows that java is a trojan. it does exactly so.
The Java plugin only runs sandboxed code --- it's very heavily restricted as
to what it can do, which makes it safe. The OP's Lua plugin can run arbitrary
Lua scripts (if I understood what he said correctly).
┌── ｄｇ＠ｃｏｗｌａｒｋ．ｃｏｍ ─── http://www.cowlark.com ───────────────────
│ "There does not now, nor will there ever, exist a programming language in
│ which it is the least bit hard to write bad programs." --- Flon's Axiom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----