lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 

On Jun 17, 2014, at 7:09 PM, Leinen, Rick <RLeinen@leviton.com> wrote:

>> -----Original Message-----
>> From: lua-l-bounces@lists.lua.org [mailto:lua-l-bounces@lists.lua.org] On Behalf Of Paige DePol
>> Sent: Tuesday, June 17, 2014 4:58 PM
>> To: Lua mailing list
>> Subject: Re: Locking Table Member Additions
>> 
>> On Jun 17, 2014, at 6:43 PM, Leinen, Rick <RLeinen@leviton.com> wrote:
>> 
>>> One thing I neglected to mention is that the scripts are to be kept in the Kintetis' internal 256K data flash.  While the parsed script should be small, the source script can get large, especially if more than one is used.
>> 
>> Do you need to edit the scripts on the Kinetis itself?
>> 
>> If not you could use `luac` to compile your scripts into binary bytecode form allowing you to simply load your binary scripts on the device. This would skip the entire parsing into bytecode step on the device, which may be helpful.
>> 
>> The only issue is that you may need a system with the same endinness and integer size as the Kintetis, as `luac` does not cross-compile... which, IMO, is a feature that should be added. Though, I do not think it would be hard to create a custom `luac` to achieve the goal.
>> 
>> ~pmd
> 
> Paige,
> 
> Now that's an interesting idea.  I had seen references to luac, but didn't know it could do that.  
> 
> There is a bit of a debate as to whether we should allow editing/downloading of scripts from the device.  I'm of the opinion that we should not allow it, only deletions and uploads, as that would help keep the scripts (and a lot of company IP) more secure.  Having scripts in bytecode form would add another layer of security to those unfamiliar with Lua.
> 
> Rick

Security through obscurity is no security at all. Yes, people who are unfamiliar with Lua may not know how to disassemble the compiled scripts, but a simple search would get them the information they require. Truly securing the scripts would require other methods, like encryption. You could also use code-signing if you wanted to prevent the binary scripts from being changed on the device.

Keeping the scripts in compiled form on the device, however, will decrease both your memory usage and your loading times. Additionally, if you do not require any parsing at all you should even be able to remove the parsing ability from the Lua library on the device altogether, thus saving even more memory.

Note that removing the parser would restrict you to only running the code in the binary script, additionally, the scripts would be unable to use the parser to dynamically load strings as Lua source. Though, if you are running in a restricted environment this may not be an issue... also, I have not actually tried to remove the parser (yet), but I can't think of any reason why it would be an issue off the top of my head.

~pmd