[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Lua Security Considerations...
- From: Javier Guerra <javier@...>
- Date: Wed, 11 Mar 2009 12:16:16 -0500
On Wed, Mar 11, 2009 at 11:56 AM, Mike Panetta <firstname.lastname@example.org> wrote:
> If management is so worried about someone decompiling your application
> binary to access the Lua code, why are they not worried aboyt someone doing
> the same to the C code? If someone can decompile your code at all (which
> they can, there is almost no way to stop someone from doing that) then there
> is no point in worrying about Lua specificly, even your IP written in C is
> at risk.
exactly my thoughts. Lua only adds entry points if the Lua code is
from an untrusted source. if your Lua code is linked into your
executable, a cracker would have to break that open first.
if you want a little more security, restrict the Lua environment as
much as possible, and put some checksums in the code to alert
modifications before executing.