[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Safe config file using Lua
- From: Irayo <irayo.lt@...>
- Date: Mon, 06 Aug 2007 14:43:57 -0500
Jose Marin wrote:
But this not:
ResourcePath = "c:/myres"
The user could use "ActionKey " and "SetResolution", but not "ResourcePath " or "SetPlayerMaxHealth".
You could just make a new Lua instance and not push the functions
"SetResolution" and "ResourcePath" to it, or you could set those
functions to nil before calling the config script and restore them
afterward, or (most preferably) set the environment to a blank or
limited one before loading the config file. See the Lua reference for
"lua_setfenv" for more information on the latter option.
The most obvious option is the last one: creating a limited environment
(see setfenv and stuff) and just loading the config file in that
environment. This is called sandboxing.
Then again, if your game is coded in Lua, why wouldn't someone just
modify the *other* Lua files (which the game "trusts") and change what
they wanted to change? Furthermore, if you load the game data files
after the config file, this shouldn't matter, because anything that the
config file set (like MaxPlayerHealth) would be overwritten by the game