We are just now beginning to take an open approach to our products, where we expect (hope) that users will modify the system with Lua. So I'm a little ignorant of the real issues, and all of this should be framed with "to my way of thinking..."

That said, do you expect users to pass configuration files around and load them without reading them? How is this different than the other stupid things people can do, and mostly don't do?

Most of the security that you want could come in the form of permissions and putting the file in the correct directory, no?

The platform product beats the closed product every time. Neutering your configuration file to avoid bugs seems like a bad strategy. Limiting your / your users' capability to script is only a limit on yourself and a pretty ineffective place to put security, in the first place.

This all presupposes that you're not talking about scripts that users are sending each other as part of a multi-user exchange.

Thrown out for comment because I'm genuinely interested in real experiences, especially horror stories. :)

-Andrew