Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Embedded scripting sandbox? Lua?

by perlfan (Curate)
on Oct 03, 2011 at 20:04 UTC ( #929413=note: print w/ replies, xml ) Need Help??


in reply to Embedded scripting sandbox? Lua?

Why not use Perl? Check out the Inline::Foo module example; it'll let you define your own Perl based domain specific "language".


Comment on Re: Embedded scripting sandbox? Lua?
Re^2: Embedded scripting sandbox? Lua?
by cavac (Chaplain) on Oct 04, 2011 at 05:36 UTC
    Thanks, but i'm not trying to inlining code, i want to fetch it from a database, execute it in a sandbox and save the results.
    Don't use '#ff0000':
    use Acme::AutoColor; my $redcolor = RED();
    All colors subject to change without notice.
      You mention Lua, so I think of Inline::Lua. You can also inline inside of an eval. You're creating a dependency on an whole language ecosystem (as lightweight as it is) just to provide scripting inside of a ... scripting language? Your call. Good luck.
        In my mind, there are goot reasons for it. The scripts are provided by users of a webpage. While Perl is the swiss army knife of programming languages, in this case that versatility makes in unusuable - it's practically impossible to make it really secure while allowing it to interact with the webserver through a defined API.

        A language like LUA is designed as a plugin to work on a given set of data and call a predefined API to the host system. Same as javascript does (or in case of IE "should do").
        While this is by no means a guarantee that it will be safe and secure, using a limited functionality sandbox makes it much easier for a small team (in my case: one man team) to keep an overview of what is and isn't possible for the user. I'm pretty sure this is a matter for discussion and possible flame wars - and i'm pretty sure that a larger team could come up with a better solution.

        Please, don't understand this as anything else than stating my point of view and explaining the reasons for why i'm tending towards LUA - i'm not trying to start a flamewar*.

        * Although we could if you like. I'm prefering IRC in that case, since i have an IRC bot for that. No, no, wait, it still uses Net::IRC, i should really rewrite that thing sometime soon... (bleep), before taking over the world i really need to hire some henchmen...
        Don't use '#ff0000':
        use Acme::AutoColor; my $redcolor = RED();
        All colors subject to change without notice.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://929413]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (9)
As of 2015-07-07 00:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (86 votes), past polls