AnniXa Posted May 9, 2012 Share Posted May 9, 2012 Hey, is it possible to prevent some lua functions? Its the following scenario: i have a client and a dedicated server, where the gamelogic such as triggers or gui elements that the users can see are loaded and executed by that server or lua code is transfered to the client and runned there. Triggers will handled this way: when a player enteres a trigger area then on the serverside the onTrigger() function will be called, this works fine. also in some cases the server can send lua code to the clients and they run it then (usefull for gui stuff or if there are some scripted scenes/movie scenes) the target is that the client need nothing to download by himself, all comes via the server, the whole game logic so modders can write own game logic and just host a server with they stuff. But the problem i have is that lua can do also bad stuff, for example File operations, and so maybe some evil guys can hosts servers that are deleting files or creating files with stuff to the poeple that join they servers. can i prevent lua from allowing file operations and other evil stuff? Quote Whuts wroong? Link to comment Share on other sites More sharing options...
Rick Posted May 9, 2012 Share Posted May 9, 2012 As I was reading what you were doing and came to the part where you mentioned you were sending Lua commands from server to client to execute I was thinking how bad that is. So it's nice that in your last paragraph you mention that you know it's bad. I'm thinking this design just opens itself up to some issues. I don't know if there is really any way to get around this without heavy modification to Lua itself. Quote Link to comment Share on other sites More sharing options...
AnniXa Posted May 9, 2012 Author Share Posted May 9, 2012 ah sad, i thought i just can define own functions to override the origina lua ones that are bad or something. I think on the other hand i will then make some kind of protocoll for the gui stuff and such. will be much more work but on the other hand its letting me more control over it Quote Whuts wroong? Link to comment Share on other sites More sharing options...
Paul Posted May 9, 2012 Share Posted May 9, 2012 Lua sandboxing, but I'm not sure how well this works with the engine though. http://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox http://lua-users.org/wiki/SandBoxes Quote Intel Core i7 975 @ 3.33GHz, 6GB ram, GTX 560 Super OC, Windows 7 Pro 64bit Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.