|
On 13-Feb-07, at 1:23 PM, Jerome Vuarand wrote:
On the other hand you have all people just wanting a basic script system. Basic programming, web design, level design, scripting of an already exising application engine. All these people have few requirement on the language and just perform simple API calls. They mayuse full fledge Lua in their scripts, but don't mind having a more basic(and easily securable) interface with the rest of the world.
That's a supposition, though.Suppose our basic (or Basic :) ) programmer Joe Powerless finds an interesting Lua module somewhere, and wants to use it. Or perhaps he reads up a little Programming in Lua, and suddenly see how useful a coroutine could be, Or maybe just sees an example on the Wiki where I've written ("%2i => %s"):format(i, v)
Those might not be "requirements", but it seems a pity to tell say to Joe that he's not a sufficiently Powerful programmer to use interesting Lua constructs. After all, they're not that complicated, and many people are actually able to make the jump to functional programming. :)
Rings is a great solution for running untrusted independent scripts, such as in a webserver, but it's rather less help for inserting little scripts into embedded environments (say, as an internal scripting language for a database), particularly embedded environments themselves partially written in Lua where interchanging objects with plug-ins is more important, and the cost of serialization is prohibitive.
I'd prefer to think of the issues I presented in the previous message as things which still require some thought in the design of Lua, rather than as a demonstration that advanced features are hard to secure. They are, perhaps, harder to secure, but it shouldn't be beyond the ingenuity of the Lua community to figure out how to do it. After all, Lua is much closer to being a secure environment than any other popular scripting language I know; it would be nice to nail down the few remaining loose ends.