lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Tue, Jan 03, 2012 at 10:30:59PM +0100, Ashwin Hirschi wrote:
> 
> >This sort of attack is only an issue in a very narrow range of
> >applications, and the people developing those applications need to be
> >aware of the issue.
> 
> Please check your calendar. We're writing 2012 and software that
> somehow interacts with/across the Internet is not considered to be
> in a "narrow range" (by any stretch of the imagination).

Almost none of my code written in Lua in the past decade would enter
directly into a long-life hash table anything provided by an untrusted
user.  I'm sure I'm not alone.

B.