[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Secure tables in Lua: Summary
- From: Michal Kolodziejczyk <miko@...>
- Date: Tue, 15 Jul 2008 17:28:38 +0200
David Given wrote:
Diego Nehab wrote:
If the object's metatable has a "__metatable" field,
getmetatable() returns the associated value. Can't you use
this trick to protect the datastructure? setmetatable() will
also honor __metatable by raising an error.
I was not previously aware of this feature --- rather useful.
Having just rummaged through the documentation for this stuff, I am now
struck with rawget() and rawset(), that allow you to access table
entries bypassing the metatable...
t = create_secure_table_with_public_api()
local oldfn = t.apifunction
rawset(t, "apifunction", function(self, capability)
print("Stolen capability "..capability.."!")
return oldfn(self, capability)
Is there a way of disabling these as well?
You can redefine rawget/rawset functions in your code.