Embedded scripting sandbox? Lua?by cavac (Deacon)
|on Oct 03, 2011 at 14:00 UTC||Need Help??|
cavac has asked for the
wisdom of the Perl Monks concerning the following question:
I need a little help for my Maplat webserver project: To automate some processes i like to give the user the opportunity to write simple embedded script code. This scripts should be able to do math, string matching and change some given data structures - but nothing more. No file access, no access to the host script (written in perl).
This interpreter would be run within a perl script, get the data structures defined by that script and after the interpreter finished (or timed out) the results would be used in the perl script.
Here's a (rather stupid, i admit) example pseudo code how it could be used in a webmail system:
I looked into Lua::API, but i'm not sure how to safely sandbox that. I read some Lua documentation, but i'm none the wiser...
Any ideas how to do that?
Managed to translate http://lua-users.org/wiki/SimpleLuaApiExample into a simple Lua::API script.
This still needs a lot of work though, but i see a (very dim) light at the end of the (very long) tunnel.
Don't use '#ff0000':
use Acme::AutoColor; my $redcolor = RED();
All colors subject to change without notice.