[Home] [Groups] - Message: [Prev in Group] [Next in Group]

nu.kanga.list.mud-dev

28279: Re: [MUD-Dev] Scripting languages

[Full Header] [Plain Text]
From: "Kwon J. Ekstrom" <justice@softhome.net>
Newsgroups: nu.kanga.list.mud-dev
Date: Wed, 02 Jul 2003 17:50:28 -0600
References: [1] [2] [3] <-newest
Organization: Kanga.Nu
Bruce Mitchener wrote:
> Kwon J. Ekstrom wrote:

>> I personally don't see how writing a custom language helps much
>> against malicious code.

> It depends on the custom language of course.  Various systems out
> there have security models that are part of the language, its
> compilation environment, or its runtime environment.

Perhaps I misworded this.

While I'm positive that a custom language "can" help with security,
I don't see that as reason enough to write my own.  Several embedded
languages have a security model that's been tested on a variety of
systems.

I'm sure there's some loopholes to my security model I haven't found
yet, holes I haven't patched, etc.  Those holes are on my objects
themselves, the language is secure.

The security features you mentioned in your examples all seem based
on enforcing a priviledge model.  This is exactly what I did with
Rhino, and I'm fairly sure that it took alot less time to research
and code.

-- Kwon J. Ekstrom
_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev