undefined | Better HN

0 pointskentonv8y ago0 comments

We love Lua and LuaJIT -- we use them extensively here.

But for running third-party code, we need to everything in our power to reduce the risk of a compromise.

Every sandbox (including V8) has bugs, and security is about risk management. With scrutiny, the low-hanging fruit is found and the risk of further bugs steadily decreases. At the end of the day, no Lua sandboxing mechanism has had anywhere near the scrutiny of V8. It's a totally unfair chicken-and-egg problem: to get scrutiny you need usage, but to get usage you need scrutiny. But, it is what it is. :/

0 comments

vvanders8y ago

Cool, appreciate the candid response.

I think there's definitely a compelling reason to use JS both from a developer comfort perspective and the fact that it's a pretty battle-tested path.

It sounds like anything short of a full-blown container(with all the overhead that brings) wouldn't be sufficient to cover the security concerns. I'd love to see Lua battle-harded a bit more in that area so was just curious if you had any new learnings.

j / k navigate · click thread line to collapse