Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re^3: Embedded scripting sandbox? Lua?

by perlfan (Curate)
on Oct 04, 2011 at 13:28 UTC ( #929545=note: print w/ replies, xml ) Need Help??


in reply to Re^2: Embedded scripting sandbox? Lua?
in thread Embedded scripting sandbox? Lua?

You mention Lua, so I think of Inline::Lua. You can also inline inside of an eval. You're creating a dependency on an whole language ecosystem (as lightweight as it is) just to provide scripting inside of a ... scripting language? Your call. Good luck.


Comment on Re^3: Embedded scripting sandbox? Lua?
Download Code
Re^4: Embedded scripting sandbox? Lua?
by cavac (Chaplain) on Oct 10, 2011 at 17:29 UTC
    In my mind, there are goot reasons for it. The scripts are provided by users of a webpage. While Perl is the swiss army knife of programming languages, in this case that versatility makes in unusuable - it's practically impossible to make it really secure while allowing it to interact with the webserver through a defined API.

    A language like LUA is designed as a plugin to work on a given set of data and call a predefined API to the host system. Same as javascript does (or in case of IE "should do").
    While this is by no means a guarantee that it will be safe and secure, using a limited functionality sandbox makes it much easier for a small team (in my case: one man team) to keep an overview of what is and isn't possible for the user. I'm pretty sure this is a matter for discussion and possible flame wars - and i'm pretty sure that a larger team could come up with a better solution.

    Please, don't understand this as anything else than stating my point of view and explaining the reasons for why i'm tending towards LUA - i'm not trying to start a flamewar*.

    * Although we could if you like. I'm prefering IRC in that case, since i have an IRC bot for that. No, no, wait, it still uses Net::IRC, i should really rewrite that thing sometime soon... (bleep), before taking over the world i really need to hire some henchmen...
    Don't use '#ff0000':
    use Acme::AutoColor; my $redcolor = RED();
    All colors subject to change without notice.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://929545]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (17)
As of 2015-07-01 16:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (9 votes), past polls