On Thu, Feb 16, 2012 at 09:00, Richard Hipp <d...@sqlite.org> wrote:
>> I was once open to this kind of thing. But since the security risks have
>> been pointed out to me, I'm now very reluctant to do anything like this.
>
> TH1 is secure by virtue of being minimalist. It really doesn't do much
> beyond simple variable substitution and if-then-else. The point is, I want
> to keep it that way so that it does not evolve into a security threat. We
> want to keep the "attack surface" as small as possible.

I appreciate the security-above-all attitude. But if at some point in the future scripting is back on the discussion table, I would like to introduce the embedded language Lua [1], [2]. It has some really unique features that are greatly appreciated in the embedded scripting world. Here are just a few of them:

(1) Implemented in ANSI C-89 with no external dependencies, highly portable. Small code base (15 KLOC).
(2) Designed as an embedded language from the get-go. Great configurable sandboxing.
(3) Very easy to interface to existing C code. Lua can call C functions and can be called from C functions.
(4) Very fast (faster than TCL, python, ruby, perl). For real CPU addicts there is the Just-In-Time compiler LuaJIT, which delivers Java-6-like performance on average and sometimes comes close to C.
(5) Simple syntax, powerful semantics.

[1] http://www.lua.org
[2] http://en.wikipedia.org/wiki/Lua_%28programming_language%29

--Leo--