Luke Graham
2/17/2005 12:55:00 AM
If you are sure you want them executing code in the same context,
you can freeze objects. That will get rid of a certain class of attacks.
Another way would be to do some AOP-style checks on who exactly
is calling a given function. FWIW, rescue is a keyword, not a method,
so I believe there is nothing you can do short of scanning their
file for that word. Eval would be another good one, otherwise they
could piece together, say, eval("res" + "cue").
On Thu, 17 Feb 2005 02:09:50 +0900, Johannes Ahl-mann <softpro@gmx.net> wrote:
> > is there an easy way to restrict evaluation of code to certain
> > methods/classes only??
>
> just came up with an example!
> for example i might want to prevent users of the DSL to "catch"
> exceptions by themselves...
>
> for example:
> > begin
> > dsl_data {
> > field1 :broken
> > }
> > rescue
> > nil
> > end
>
> this might "hide" syntax problems of the DSL and would not make
> much sense if the DSL was used solely for data entry. therefore i might
> want to disallow use of "rescue"...
>
> Johannes
>
>
--
spooq
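
The file scan suggested in the reply above, as an added example that is not part of the original posts: it lexes the DSL source with Ruby's standard `ripper` library instead of searching raw text, so `rescue` is reported only when it is a real keyword and `eval` is rejected so the keyword cannot be rebuilt from strings. The ban lists, the names `dsl_violations` and `dsl_allowed?`, and the sample input are assumptions made for the example.

```ruby
require 'ripper'

# Assumed policy for this example: the keyword from the thread, plus the
# eval family that could rebuild it from string fragments at run time.
BANNED_KEYWORDS = %w[rescue].freeze
BANNED_IDENTS   = %w[eval instance_eval class_eval module_eval].freeze

Violation = Struct.new(:line, :column, :token)

# Lex the DSL source and report banned tokens without executing anything.
# Working on lexer tokens rather than raw text means the word "rescue"
# inside a string literal or a comment is not reported.
def dsl_violations(source)
  Ripper.lex(source).each_with_object([]) do |((line, col), event, token), found|
    banned = (event == :on_kw && BANNED_KEYWORDS.include?(token)) ||
             (event == :on_ident && BANNED_IDENTS.include?(token))
    found << Violation.new(line, col, token) if banned
  end
end

# Fail closed: refuse source that does not parse or contains a banned token.
def dsl_allowed?(source)
  !Ripper.sexp(source).nil? && dsl_violations(source).empty?
end

# Constructed sample input: the snippet quoted in the thread.
THREAD_SNIPPET = <<~RUBY
  begin
    dsl_data {
      field1 :broken
    }
  rescue
    nil
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  dsl_violations(THREAD_SNIPPET).each do |v|
    puts "line #{v.line}, column #{v.column}: '#{v.token}' is not allowed in DSL files"
  end
  puts dsl_allowed?("dsl_data {\n  field1 :ok\n}\n") ? "clean file accepted" : "clean file rejected"
end
```

The check covers only the tokens on the two lists; it is a pre-load filter for data-entry files, not a sandbox.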