[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: [q] web-safe loadstring
- From: Luiz Henrique de Figueiredo <lhf@...>
- Date: Fri, 17 Oct 2008 12:17:52 -0300
> I would like to set up the environment such that the users cannot
> 'execute' something that would be able to read/write to the host's
> operating system.
Since you mention web in the subject, have a look at the source of the
Lua live demo:
http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/#demo
This simply deletes all dangerous functions before running user code,
which works well because each query runs in a separate process. If you
need to keep a single process, then look at setfenv and sandboxing techniques:
http://lua-users.org/wiki/SandBoxes
