[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: "Secure dostring"
- From: erik@... (Erik Hougaard)
- Date: Thu, 15 Jun 2000 11:40:24 +0200
----- Original Message -----
> >I would like to have a "securedostring" command... That would be a
dostring
> >that only would allow simple expressions and the functions defined in
> >mathlib .. I would use this to allow my user to type simple expressions
in
> >entry fields, but I do not want my users to be able to call functions
(lua
> >defined) and other C functions..
> This still leaves the problem of 's' having calls to "unsafe" functions.
> The easiest solution seems to be to evaluate this in a state that contains
> noting but the "safe" functions, in your case, the ones from mathlib.
> This state is easily created in Lua 4.0 with lua_newstate("builtin", 0,
NULL)
> and then open mathlib in this state.
> The state would also contain any global variables that would be needed in
> your expressions. These global variables have to set from C.
Well ofcause... I'm "mister multistate" in the first place ... Why did'nt I
think of that :-))
Thanks,
/Erik