Chuck Adams on Thu, 28 Dec 2006 12:58:32 -0700 (MST)
Re: [s-d] dice server enhancements, part 2
On 12/28/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> I'd originally thought about using Perl to do the parsing and execution,
> but I couldn't convince myself that it would be possible to sanitize
> the code to make sure that users weren't finding a sneaky way to call
> system().

Perl has taint, which would prevent that from happening. Ruby has security levels which is taint on steroids. Python has pretty much zip for sandboxing now. All three are pretty heavy anyway. PHP has ... *chuckle* ... let's not imagine it has security.

But Lua's small and simple enough that it's actually encouraged to just compile your own interpreter with all the bits you don't want removed. I would really recommend it in this case.

//sproingie

_______________________________________________
spoon-discuss mailing list
spoon-discuss@xxxxxxxxx
http://lists.ellipsis.cx/mailman/listinfo/spoon-discuss