lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Thanks for your help so far, i guess i have to study luas sandboxing
facilities. What still gives me frown, is that these sandboxing facilities
are all implemented in lua. A user, who wants to bypass any restrictions,
could just rewrite it, i guess. Or is the idea to have some basic lua
code, the user is not permitted to modify, and load the user modified
ai in some sandbox?

I feel compelled to further describe, why this is so important to me.
In my game the user may have submarines at his disposal. As long
as a submarine is diving, the user should not be able to give any
instructions to it nor receive any messages from it. And i don't want
him to do so "through" other units resp. their ai.

In an action game, a similar idea might be used, to enforce that
units only within some range may communicate.

2010/1/19 Rob Kendrick <rjek@rjek.com>:
> On Tue, 19 Jan 2010 17:07:18 +0100
> ingmar wirths <ingmania@googlemail.com> wrote:
>
>> > Is there a specific reason you're wanting to use different states
>> > rather than the more usual sand-boxing approaches by using
>> > environment tables?
>>
>> Well, as i sad, i want to restrict communication between units and
>> provide an communication api to enforce this. A glimpse on
>> environment tables looked promising at first, but on a second
>> thought, since i want to permit the user to modify the ai, he could
>> probably easy bypass these restrictions.
>
> It's easy to provide an API to your sandboxed functions that your
> trusted Lua can process.  And it can be made quite difficult to break
> out of these sandboxes.  (Especially with liberal use of the debugging
> library.)
>
> B.
>