Re: How Safe is Safe::?

I actually tried something a little like this a while ago. I wanted to allow users to be able to run arbitrary code, somewhat similar to a MOO (Object-Orientated MUD (Multi-User Dungeon)). But I was using tied hashes to databases and it turned out to be completely impractical to allow them to do anything vaguely complicated (and therefore useful).

From my brief experiments it seemed that if you want to allow them to program anything more than a pocket calculator, you'd be better off writing your own scripting language and interpreter. Alas I have found no trace of such a project in perl.

If you need to allow a large number of vaguely-trusted users to run arbitrary scripts, I would recommend buying them a box, and giving them all limited shell acounts (or CGI execute permsisions) and keeping the data they access on another machine, say a PostGreSQL server.

SAFE seems to be a really excellent module, but you would have to be very skilled with the internal workings of perl to set it up right, and you would still be limited because you wouldn't be able to allow your users to call modules (which would almost certainly use banned codes), which is a very desirable thing. Apologies if I have overlooked some feature of SAFE which allows you to do the above, but I couldn't find it.

____________________
Jeremy
I didn't believe in evil until I dated it.

Comment on Re: How Safe is Safe::?

Replies are listed 'Best First'.
Re: Re: How Safe is Safe::? by sierrathedog04 (Hermit) on Feb 14, 2001 at 19:25 UTC
John Ousterhout designed the Tcl language to be an embedded scripting language for use in other (e.g. Perl) applications. To embed Tcl in some other application apparently involves the use of a C compiler. It may even involve recompiling Perl itself. However, I have worked in a place where a group of young geniuses attempted to create their own scripting language, and anything would be better than that. I would get Ousterhout's book Tcl and the Tk Toolkit and go at it. About a third of the book is devoted to embedding Tcl in something else. An additional benefit of the book, which is a classic, is that since we Perler's use Tk in Perl/Tk and Ousterhout wrote Tk we are learning from the master, so to speak.	[reply]

Replies are listed 'Best First'.

Re: Re: How Safe is Safe::?
by sierrathedog04 (Hermit) on Feb 14, 2001 at 19:25 UTC

However, I have worked in a place where a group of young geniuses attempted to create their own scripting language, and anything would be better than that. I would get Ousterhout's book Tcl and the Tk Toolkit and go at it. About a third of the book is devoted to embedding Tcl in something else.

An additional benefit of the book, which is a classic, is that since we Perler's use Tk in Perl/Tk and Ousterhout wrote Tk we are learning from the master, so to speak.

[reply]