lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sun, Aug 17, 2014 at 09:45:43PM -0300, Thiago L. wrote:
> On 17/08/14 05:17 PM, Philipp Janda wrote:
> >Am 17.08.2014 um 20:22 schrieb Thiago L.:
> >>On 17/08/14 03:09 PM, Philipp Janda wrote:
> >>>Don't forget:
> >>>__tostring
> >>I thought __tostring was a fallback... (Lua doesn't know what to do, but
> >>instead of throwing an error it returns the memory address or a hash or
> >>w/e)
<snip>
> >Or my favourite:
> >
> >    debug.setmetatable( "", {
> >      __tostring = function( v ) return "bye bye" end
> >    } )
> >    print( "hello world" )
<snip>
> Ouch... and we don't have a rawtostring()...
> 
> Sometimes I don't know what's wrong with ppl... this is one of them...

But I imagine one could implement an interesting data loss protection (DLP)
scheme using this. For example, scan the string for Social Security numbers,
phone numbers, etc. If something sensitive is in the string, then trace the
stack to make sure the request is from an allowed caller, such as a database
library, otherwise log or throw an error so the privacy leak can be closed.