Tony Belding wrote: > I'm interested in using an off-the-shelf interpreted language as a > user-accessible scripting language for a MUCK. I'm just not sure if I > can find one that does everything I need. The MUCK must be able to > call the interpreter and execute scripts with it, but the interpreter > must also be able to call functions in the MUCK code. And then there's > the security issue that really worries me. . . I have to be able to > limit what the interpreter can execute. I can't have my users running > scripts that access the console, access the filesystem or sockets > directly, or call libraries or other binaries outside the MUCK. > > Is this practical? I'm thinking of Ruby or Python for this, if they > can meet the requirements. > > I might even consider REXX. . . I remember ARexx from my Amiga days, > and how great it was for string manipulation and application scripting. > However. . . My immediate target platform, Mac OS X, comes with Ruby > and Python but not REXX, so that's a disadvantage. > > My final option would be to create my own language interpeter where I > have control over everything that happens. That is what MUCKs have > always done in the past. But the result was always quirky, limited > languages like MUF (Multi-User Forth) which really turn off a lot of > coders. Furthermore, I've never created a language before, and it > would be a lot of extra work for me. > > -- > Tony Belding, Hamilton Texas
Sandboxing is possible in recent versions of Ruby using _why's sandbox package (http://code.whytheluckystiff.net/sandbox/). For a MUCK a custom language might be better though - creating sandboxes for any conventional language is likely to be too expensive to repeat for a thousand objects at regular intervals. A custom language would make it much easier to manage security while retaining decent performance. -- http://mail.python.org/mailman/listinfo/python-list
