[cap-talk] Lua, Javascript, and the Object Capability Model
David-Sarah Hopwood
david-sarah at jacaranda.org
Sat Jul 25 12:43:16 EDT 2009
Matej Kosik wrote:
> James Graves wrote:
>
>> Lua, Javascript, and the Object Capability Model
>> <http://partiallyappliedlife.blogspot.com/2009/07/lua-and-object-capability-model.html>
>
> Lua probably supports sandboxing. Untrusted code is started in a context
> where dangerous functions are undefined.
>
> Does it also support dynamic changes in the reference graph according to
> object-capability security model? I.e. connectivity:
> - by initial conditions
> - parenthood
> - by introduction
> - by endowment
> ?
>
> I guess not but because if you want to call a function in Lua, you
> specify (forgeable) name.
Lua 5.0 and later (http://www.lua.org/versions.html) supports first-class
functions with lexical variable capture. I don't know enough about it to
say whether the E/Cajita-style lexically encapsulated object pattern is
secure in Lua, but it seems plausible.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the cap-talk
mailing list