Re: Lua Security Considerations...
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
- Subject: Re: Lua Security Considerations...
- From: Javier Guerra <javier@...>
- Date: 2009年3月11日 12:16:16 -0500
On Wed, Mar 11, 2009 at 11:56 AM, Mike Panetta <panetta.mike@gmail.com> wrote:
> If management is so worried about someone decompiling your application
> binary to access the Lua code, why are they not worried aboyt someone doing
> the same to the C code? If someone can decompile your code at all (which
> they can, there is almost no way to stop someone from doing that) then there
> is no point in worrying about Lua specificly, even your IP written in C is
> at risk.
exactly my thoughts. Lua only adds entry points if the Lua code is
from an untrusted source. if your Lua code is linked into your
executable, a cracker would have to break that open first.
if you want a little more security, restrict the Lua environment as
much as possible, and put some checksums in the code to alert
modifications before executing.
--
Javier