Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Embedded scripting sandbox? Lua?

by perlfan (Curate)
on Oct 03, 2011 at 20:04 UTC ( #929413=note: print w/ replies, xml ) Need Help??


in reply to Embedded scripting sandbox? Lua?

Why not use Perl? Check out the Inline::Foo module example; it'll let you define your own Perl based domain specific "language".


Comment on Re: Embedded scripting sandbox? Lua?
Re^2: Embedded scripting sandbox? Lua?
by cavac (Chaplain) on Oct 04, 2011 at 05:36 UTC
    Thanks, but i'm not trying to inlining code, i want to fetch it from a database, execute it in a sandbox and save the results.
    Don't use '#ff0000':
    use Acme::AutoColor; my $redcolor = RED();
    All colors subject to change without notice.
      You mention Lua, so I think of Inline::Lua. You can also inline inside of an eval. You're creating a dependency on an whole language ecosystem (as lightweight as it is) just to provide scripting inside of a ... scripting language? Your call. Good luck.
        In my mind, there are goot reasons for it. The scripts are provided by users of a webpage. While Perl is the swiss army knife of programming languages, in this case that versatility makes in unusuable - it's practically impossible to make it really secure while allowing it to interact with the webserver through a defined API.

        A language like LUA is designed as a plugin to work on a given set of data and call a predefined API to the host system. Same as javascript does (or in case of IE "should do").
        While this is by no means a guarantee that it will be safe and secure, using a limited functionality sandbox makes it much easier for a small team (in my case: one man team) to keep an overview of what is and isn't possible for the user. I'm pretty sure this is a matter for discussion and possible flame wars - and i'm pretty sure that a larger team could come up with a better solution.

        Please, don't understand this as anything else than stating my point of view and explaining the reasons for why i'm tending towards LUA - i'm not trying to start a flamewar*.

        * Although we could if you like. I'm prefering IRC in that case, since i have an IRC bot for that. No, no, wait, it still uses Net::IRC, i should really rewrite that thing sometime soon... (bleep), before taking over the world i really need to hire some henchmen...
        Don't use '#ff0000':
        use Acme::AutoColor; my $redcolor = RED();
        All colors subject to change without notice.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://929413]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (12)
As of 2014-11-26 02:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (160 votes), past polls