Re: [ANN] pure Lua engram implementation

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] pure Lua engram implementation
From: Richard Hundt <richardhundt@...>
Date: 2011年1月03日 14:32:11 +0100

On 01/03/2011 02:05 PM, Alexander Gladysh wrote:

https://github.com/richardhundt/lua-engram

You should warn your library users that it is not safe to load such
data if it comes from untrusted source. Also it is not compatible with
LuaJIT.

Why, it's completely out of scope. Calling engram() returns a function.If the user chooses to dump that function via string.dump(), or load adumped function from another source, surely the security issues aretheir concern and not this library's? It's orthogonal.Again, you don't get a string, you get a function. What you do with thatis your concern.

Cheers,
Richard

Follow-Ups:
- Re: [ANN] pure Lua engram implementation, Alexander Gladysh

References:
- [ANN] pure Lua engram implementation, Richard Hundt
- Re: [ANN] pure Lua engram implementation, Alexander Gladysh

Prev by Date: Re: hosting lua projects at github (was: lanes report error when script ends)
Next by Date: Re: hosting lua projects at github (was: lanes report error when script ends)
Previous by thread: Re: [ANN] pure Lua engram implementation
Next by thread: Re: [ANN] pure Lua engram implementation
Index(es):
- Date
- Thread