[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Metatables are "hard" (Re: Question about __index and classes)
- From: Lorenzo Donati <lorenzodonatibz@...>
- Date: Sun, 11 Sep 2011 17:34:19 +0200
On 11/09/2011 16.45, Daurnimator wrote:
On 12 September 2011 00:26, Richter, Jörg<Joerg.Richter@pdv-fs.de> wrote:
In Lua you cannot sandbox a metatable away. An offending script still
might just call getmetatable.
Then use __metatable:
As a note to using __metatable; its a good idea to return a
string/object unique to each metatable.
Its nice if code can use getmetatable() to check for type equality.
Couldn't you simply use the metatable itself as a "type identfier"?
If you are concerned about security and don't want to expose the
metatable, returning a "type token" using __metatable just moves the issue.
In fact any client can store the token and then create bogus objects
with fake identity (when asked they could return the previously stored
token) so we have another security hole (of another kind).
Or am I missing something?