Lua Security

wiki

Difference (from revision 2 to current revision) (no other diffs)

Changed: 12c12

* More material is available [SecureProgramming] (Link down? 2006-09-07).

* More material is available [SecureProgramming] ([archive.org]).

If not carefully designed, a software system that uses scripts (which are often read/writable to the end user) can be extremely vulnerable, not only to malicious attacks, but also to simple coding mistakes and typos made by well-intentioned users. The links on this page lead to various articles on how to make Lua scripts more robust and resistant to security holes, as well as applications of Lua in security solutions.

See [Lua philosophy] - the small, robust, fast, embeddable nature of Lua can make it well suited for security applications
[Lua bugs]
ReadOnlyTables - How to make a table read-only
SandBoxes - How to execute a script in a secure sandbox
MemoryLimits - How to limit a script from using too much memory
CpuLimits? - How to limit a script from using too much CPU time (search on debugging hooks)
[sandcat] - web vulnerability scanner, with optional Lua scripting
[modsecurity] - web applications firewall, with optional Lua scripting
[wireshark] - network protocol analyzer, with optional Lua scripting
More material is available [SecureProgramming] ([archive.org]).

RecentChanges · preferences
edit · history
Last edited May 14, 2022 9:37 pm GMT (diff)