Using a turing-complete language like Javascript for user-proided code begs for trouble. Two of the most trivial ways to cause trouble are allocating all available memory and infinite loops. Yes, there are counter measures for both, but why allow getting into trouble at all? A reduced, domain-specific language that is intentionally not turing-complete might do the trick.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] |
I thought about a simplified language. But nearly all my use cases require conditionals and loop constructs. Which make it turing complete.
Plus, inventing and implementing a domain-specific language has a lot of drawbacks as well, especially if it's done by a single person. First of, it still will have ways to exploit it, as all computer code inevitably does. And secondly, it will be single-use only, so the user has to learn a specific language for that one job. And if i implement something else that also needs scripting, the user will have to learn a second, different language. I have experimented with stuff like that in the past, and it's basically a neverending maintenance nightmare.
And frankly, i had to work with turing-complete stuff before that is way harder to properly sandbox with the usual tools available. You know, evil stuff like PDF, Ghostscript, True-Type fonts, MediaWiki Templates, Minecraft, laptop batteries, computer keyboards, printers, "smart" LED lamps, security cameras, smartphones, etc. At this point, i'm resigned to the fact that there is so much exploitable soft- and hardware around me that i'm never going to be truly secure.
perl -e 'use Crypt::Digest::SHA256 qw[sha256_hex]; print substr(sha256_hex("the Answer To Life, The Universe And Everything"), 6, 2), "\n";'
| [reply] [d/l] |