lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Wed, Jun 17, 2009 at 11:11 AM, Imagine
Programming<> wrote:
> It's a lua plugin script that contains a table that should be only
> changed through the plugin functions. If the user accidentally
> changes the table it will mess up the functionallity of the plugin.
> most of these users are no programming experts, so I'd like to make it as
> easy for them as i can.

What about if they accidently redefine table.insert, will that effect
you're plugin?

> I havn't got much knowlege about setmetatable and getmetatable, so would
> it be wise for me to just let this be and not make the table read only?

If you need to sandbox them, you're going to have work harder, and
identify what you don't want them to do (os.system(), io.popen()?).

If its just this table you're worried about, and you want to make sure
they don't change the real on, why not just make a copy of the table,
and pass it to them. You're plugin can use the real one, they'll only
mess up their copy.

Personally, I think that if they can be trusted not to actually be
malicious, then you might be best focussing on avoiding them making
mistakes by giving them APIs to use that are so easy to use they don't
make mistakes. If they keep doing lame things, you can focus on the
stuff that ends up being a problem.

And check out strict.lua, you might want to pre-require that to
prevent them mis-typing names.