[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: [ANN] pure Lua engram implementation
- From: Richard Hundt <richardhundt@...>
- Date: Mon, 03 Jan 2011 14:32:11 +0100
On 01/03/2011 02:05 PM, Alexander Gladysh wrote:
You should warn your library users that it is not safe to load such
data if it comes from untrusted source. Also it is not compatible with
Why, it's completely out of scope. Calling engram() returns a function.
If the user chooses to dump that function via string.dump(), or load a
dumped function from another source, surely the security issues are
their concern and not this library's? It's orthogonal.
Again, you don't get a string, you get a function. What you do with that
is your concern.