Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re^3: Embedded scripting sandbox? Lua?

by perlfan (Curate)
on Oct 04, 2011 at 13:28 UTC ( #929545=note: print w/replies, xml ) Need Help??


in reply to Re^2: Embedded scripting sandbox? Lua?
in thread Embedded scripting sandbox? Lua?

You mention Lua, so I think of Inline::Lua. You can also inline inside of an eval. You're creating a dependency on an whole language ecosystem (as lightweight as it is) just to provide scripting inside of a ... scripting language? Your call. Good luck.

Replies are listed 'Best First'.
Re^4: Embedded scripting sandbox? Lua?
by cavac (Deacon) on Oct 10, 2011 at 17:29 UTC
    In my mind, there are goot reasons for it. The scripts are provided by users of a webpage. While Perl is the swiss army knife of programming languages, in this case that versatility makes in unusuable - it's practically impossible to make it really secure while allowing it to interact with the webserver through a defined API.

    A language like LUA is designed as a plugin to work on a given set of data and call a predefined API to the host system. Same as javascript does (or in case of IE "should do").
    While this is by no means a guarantee that it will be safe and secure, using a limited functionality sandbox makes it much easier for a small team (in my case: one man team) to keep an overview of what is and isn't possible for the user. I'm pretty sure this is a matter for discussion and possible flame wars - and i'm pretty sure that a larger team could come up with a better solution.

    Please, don't understand this as anything else than stating my point of view and explaining the reasons for why i'm tending towards LUA - i'm not trying to start a flamewar*.

    * Although we could if you like. I'm prefering IRC in that case, since i have an IRC bot for that. No, no, wait, it still uses Net::IRC, i should really rewrite that thing sometime soon... (bleep), before taking over the world i really need to hire some henchmen...
    Don't use '#ff0000':
    use Acme::AutoColor; my $redcolor = RED();
    All colors subject to change without notice.
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://929545]
help
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (7)
As of 2018-06-21 13:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?



    Results (118 votes). Check out past polls.
    Notices?