AnniXa 1 Posted May 9, 2012 Hey, is it possible to prevent some lua functions? Its the following scenario: i have a client and a dedicated server, where the gamelogic such as triggers or gui elements that the users can see are loaded and executed by that server or lua code is transfered to the client and runned there. Triggers will handled this way: when a player enteres a trigger area then on the serverside the onTrigger() function will be called, this works fine. also in some cases the server can send lua code to the clients and they run it then (usefull for gui stuff or if there are some scripted scenes/movie scenes) the target is that the client need nothing to download by himself, all comes via the server, the whole game logic so modders can write own game logic and just host a server with they stuff. But the problem i have is that lua can do also bad stuff, for example File operations, and so maybe some evil guys can hosts servers that are deleting files or creating files with stuff to the poeple that join they servers. can i prevent lua from allowing file operations and other evil stuff? Quote Share this post Link to post
Rick 1,472 Posted May 9, 2012 As I was reading what you were doing and came to the part where you mentioned you were sending Lua commands from server to client to execute I was thinking how bad that is. So it's nice that in your last paragraph you mention that you know it's bad. I'm thinking this design just opens itself up to some issues. I don't know if there is really any way to get around this without heavy modification to Lua itself. Quote Share this post Link to post
AnniXa 1 Posted May 9, 2012 ah sad, i thought i just can define own functions to override the origina lua ones that are bad or something. I think on the other hand i will then make some kind of protocoll for the gui stuff and such. will be much more work but on the other hand its letting me more control over it Quote Share this post Link to post
Paul 0 Posted May 9, 2012 Lua sandboxing, but I'm not sure how well this works with the engine though. http://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox http://lua-users.org/wiki/SandBoxes Quote Share this post Link to post