Re: Secure tables in Lua: Summary

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Secure tables in Lua: Summary
From: Diego Nehab <diego@...>
Date: Thu, 3 Jul 2008 20:00:13 -0400 (EDT)

Hi,

t = create_secure_table_with_public_api()
local oldfn = t.apifunction
rawset(t, "apifunction", function(self, capability)
 print("Stolen capability "..capability.."!")
 return oldfn(self, capability)
end

Is there a way of disabling these as well?


If rawset is available, it's hard to secure things. But if
you move "apifunction" to the proxy table, then at least you
can detect if the table has been tampered with. Just use
rawget on it. If you find apifunction, you know it is the
wrong one.  Also, you yourself can call rawset() to clear
the wrong apifunction, restablishing access to the correct
one via __index.

But I realize this is kind of ugly.

[]s,
Diego

References:
- Secure tables in Lua: Summary, Dr. Markus Walther
- Re: Secure tables in Lua: Summary, David Given
- Re: Secure tables in Lua: Summary, Diego Nehab
- Re: Secure tables in Lua: Summary, David Given

Prev by Date: Re: Secure tables in Lua: Summary
Next by Date: Lua in your web browser?
Previous by thread: Re: Secure tables in Lua: Summary
Next by thread: Re: Secure tables in Lua: Summary
Index(es):
- Date
- Thread