[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: RE: Why don't modules have implicit access to globals by default?
- From: "Jerome Vuarand" <jerome.vuarand@...>
- Date: Mon, 5 Nov 2007 18:12:21 -0500
David Manura wrote:
> Matt Campbell writes:
>> Why does one have to pass package.seeall to module() to give a module
>> implicit access to the global table?
> package.seeall is not required to access the global table, nor even
> to access it implicitly, and I recommend not using package.seeall,
> but it is one way of doing so for reasons described in Chapter 15
> "Modules and Packages" in "Programming in Lua, 2nd Ed" (an except of
> Chapter 15 is online: http://www.inf.puc-rio.br/~roberto/pil2/ ).
>> Is use of package.seeall
>> discouraged? Or was this done to simplify the implementation?
> Here's one opinion on the subject:
The 'module', 'package.seeall', and to some extent the 'require'
functions are not sandbox-ready in their default implementation. But the
default global table of the Lua interpreter is not sandbox-ready either.
You have to replace environments to make sandboxes, so you can also
replace module, package.seeall and require to suit your needs (these
functions are very simple, they can be implemented in pure Lua, and
there is little chance that they are a performance bottleneck of any
Why 'module' is important, is that if all your third-party modules are
calling the 'module' functions, you can easily replace the default
"unsafe" module system with a safer (less easy to use) one. On the other
hand if every module writer use its own protection mechanism (as good as
it is), the final application writer cannot automatically and globally
override inter-module cooperation behaviour.