Beefy Boxes and Bandwidth Generously Provided by pair Networks DiBona
The stupid question is the question not asked
 
PerlMonks  

Re^2: Embedded scripting sandbox? Lua?

by cavac (Chaplain)
on Oct 04, 2011 at 05:36 UTC ( #929442=note: print w/ replies, xml ) Need Help??


in reply to Re: Embedded scripting sandbox? Lua?
in thread Embedded scripting sandbox? Lua?

Thanks, but i'm not trying to inlining code, i want to fetch it from a database, execute it in a sandbox and save the results.

Don't use '#ff0000':
use Acme::AutoColor; my $redcolor = RED();
All colors subject to change without notice.


Comment on Re^2: Embedded scripting sandbox? Lua?
Re^3: Embedded scripting sandbox? Lua?
by perlfan (Deacon) on Oct 04, 2011 at 13:28 UTC
    You mention Lua, so I think of Inline::Lua. You can also inline inside of an eval. You're creating a dependency on an whole language ecosystem (as lightweight as it is) just to provide scripting inside of a ... scripting language? Your call. Good luck.
[reply]
[d/l]
      In my mind, there are goot reasons for it. The scripts are provided by users of a webpage. While Perl is the swiss army knife of programming languages, in this case that versatility makes in unusuable - it's practically impossible to make it really secure while allowing it to interact with the webserver through a defined API.

      A language like LUA is designed as a plugin to work on a given set of data and call a predefined API to the host system. Same as javascript does (or in case of IE "should do").
      While this is by no means a guarantee that it will be safe and secure, using a limited functionality sandbox makes it much easier for a small team (in my case: one man team) to keep an overview of what is and isn't possible for the user. I'm pretty sure this is a matter for discussion and possible flame wars - and i'm pretty sure that a larger team could come up with a better solution.

      Please, don't understand this as anything else than stating my point of view and explaining the reasons for why i'm tending towards LUA - i'm not trying to start a flamewar*.

      * Although we could if you like. I'm prefering IRC in that case, since i have an IRC bot for that. No, no, wait, it still uses Net::IRC, i should really rewrite that thing sometime soon... (bleep), before taking over the world i really need to hire some henchmen...
      Don't use '#ff0000':
      use Acme::AutoColor; my $redcolor = RED();
      All colors subject to change without notice.
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://929442]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (13)
As of 2013-05-22 07:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best material for plates (tableware) is:









    Results (454 votes), past polls