Re: string_exec()
- Posted by katsmeow Mar 01, 2015
- 2281 views
There is no point in executing a string outside the context of exactly where it was called in the code. To place the string outside the context of where the eval() was called, is to simply run another program. We can do that now. So sandboxing eval() does me no good. I can run other OE programs already.
There absolutely is a point. You can provide integration points where the internal code can interface with the main program. Think of a plugin, or user scripts in a game. There are many reasons why security could still be an issue there. You might also want to have multiple contexts that do not interfere with each other.
Here are the oeu docs on embedding an interpreter inside your program:
http://ooeu.sourceforge.net/docs/EMBEDDING.htm
Matt
I thought there were runtime problems in ooeu, that built up over time, like memory leaks? And errors related to more than one operation per line? Plus the small detail that OOEU is RDS v2.5?
useless
