a Question about Lua

AnniXa · May 9, 2012

Hey, is it possible to prevent some lua functions?

Its the following scenario:

i have a client and a dedicated server, where the gamelogic such as triggers or gui elements that the users can see are loaded and executed by that server or lua code is transfered to the client and runned there.

Triggers will handled this way: when a player enteres a trigger area then on the serverside the onTrigger() function will be called, this works fine.

also in some cases the server can send lua code to the clients and they run it then (usefull for gui stuff or if there are some scripted scenes/movie scenes)

the target is that the client need nothing to download by himself, all comes via the server, the whole game logic so modders can write own game logic and just host a server with they stuff.

But the problem i have is that lua can do also bad stuff, for example File operations, and so maybe some evil guys can hosts servers that are deleting files or creating files with stuff to the poeple that join they servers.

can i prevent lua from allowing file operations and other evil stuff?

Rick · May 9, 2012

As I was reading what you were doing and came to the part where you mentioned you were sending Lua commands from server to client to execute I was thinking how bad that is. So it's nice that in your last paragraph you mention that you know it's bad. I'm thinking this design just opens itself up to some issues. I don't know if there is really any way to get around this without heavy modification to Lua itself.