[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Secure tables in Lua: Summary
- From: Diego Nehab <diego@...>
- Date: Thu, 3 Jul 2008 20:00:13 -0400 (EDT)
t = create_secure_table_with_public_api()
local oldfn = t.apifunction
rawset(t, "apifunction", function(self, capability)
print("Stolen capability "..capability.."!")
return oldfn(self, capability)
Is there a way of disabling these as well?
If rawset is available, it's hard to secure things. But if
you move "apifunction" to the proxy table, then at least you
can detect if the table has been tampered with. Just use
rawget on it. If you find apifunction, you know it is the
wrong one. Also, you yourself can call rawset() to clear
the wrong apifunction, restablishing access to the correct
one via __index.
But I realize this is kind of ugly.