lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 8/23/2010 9:39 AM, Henk Boom wrote:
On 22 August 2010 09:09, Stuart P. Bentley wrote:
It'd probably be a good idea to make rejecting bytecode in load() an #ifdef,
with a prominent note in the manual / README that it should be defined in
essentially anything that runs editable scripts and/or doesn't have its own
bytecode verification routine.

Maybe having load() reject bytecode and adding a debug.load() that
accepts it would communicate the right message.

Let's stop treating developers as kiddies. Too much babysitting and pretty soon some will come to depend on the babysitting. If someone builds an app and skips sandboxing *when it is needed* and skips disabling binary chunks *when it is needed*, then it is a prototype of an application, not a completed application. Paying customers should be wise to seek reimbursement or upgrades.

Assuming we are not using Lua as a language platform, can someone name applications that allows loading of untrusted third party binary chunks? Always curious for actual examples...

--
Cheers,
Kein-Hong Man (esq.)
Kuala Lumpur, Malaysia