 |
lua-l archive |
|
|
||
|
On 8/23/2010 9:39 AM, Henk Boom wrote:
On 22 August 2010 09:09, Stuart P. Bentley wrote:It'd probably be a good idea to make rejecting bytecode in load() an #ifdef, with a prominent note in the manual / README that it should be defined in essentially anything that runs editable scripts and/or doesn't have its own bytecode verification routine.Maybe having load() reject bytecode and adding a debug.load() that accepts it would communicate the right message.
Let's stop treating developers as kiddies. Too much babysitting and pretty soon some will come to depend on the babysitting. If someone builds an app and skips sandboxing *when it is needed* and skips disabling binary chunks *when it is needed*, then it is a prototype of an application, not a completed application. Paying customers should be wise to seek reimbursement or upgrades.
Assuming we are not using Lua as a language platform, can someone name applications that allows loading of untrusted third party binary chunks? Always curious for actual examples...
-- Cheers, Kein-Hong Man (esq.) Kuala Lumpur, Malaysia