Hello, I am creating a Ruby on Rails website, and for one part it needs to be dynamic so that (sorta) trusted users can make parts of the website work differently. For this, I need a scripting language. In a sort of similar project in ASP.Net, I wrote my own scripting language/DSL. I cannot use that source code (written at work) though, and I don't want to make another scripting language if I don't have to.

So, what choices do I have? The scripting must be locked down and not be able to crash my server or anything. I'd really like if I could use Ruby as the scripting language, but it's not strictly necessary. Also, this scripting part will be called on almost every request for the website, sometimes more than once. So, speed is a factor.

I looked at the RubyLuaBridge but it is Alpha status and seems dead.

What choices for a scripting language do I have in a Ruby project?

Also, I will have full control over where this project is deployed (root access), so there are no real limits.

A: 

What about JRuby? You can use Java implementations of many scripting languages, such as JavaScript, Scheme, etc.

aaz
If I was going to go that route, I'd probably just have a C-lua implementation and use IPC to communicate with it from my Ruby program.
Earlz
+2  A: 

There's also Rufus-lua though it's at version 0.1.0...

lhf
rufus-lua is at 1.1.0: http://github.com/jmettraux/rufus-lua. It's used in other projects: http://github.com/scottpersinger/laminate
jmettraux
ooooh... laminate. I guess that proves that it can also be sandboxed within Ruby. This will probably be the accepted answer.
Earlz
A: 

Well, since it hasn't been suggested yet, there's Locking Ruby In The Safe as described by the Pickaxe book. This allows you to use Ruby as the language without significant slowdown AFAIK.

This technique is intended to allow safe sandboxing of untrusted Ruby code and bug fixes and discussions are directed toward keeping it that way, but infinite loops and some other things still allow malicious users to peg the CPU. (e.g. this discussion maybe.)

What I don't know is how you return data that is inherently safe to use from outside the safe thread. A singleton object (for instance) can mimic whatever class and then do something dangerous when any method is called in the returning thread. I'm still googling around about it. (The Ruby Programming Language says that level 4 "Prevents metaprogramming methods" which would allow you to safely verify the class of a returned object, which I suppose would make results safe to use.)

Barring that, it might not be hard (*snrk*) to implement a Lisp-1 with dynamic scope since you already have a garbage collector.

Jesse Millikan
lisp... sigh.. first problem: I don't know lisp, so I'd have to learn it and then implement it. Second problem: Lisp is not the most ideal beginner language..
Earlz
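The last answer's open question, how to use a value handed back by script code when the object may mimic another class, can be handled by never dispatching a method on the value until its real class has been checked. The sketch below is an added example, not code from any poster or from the Pickaxe book; `sanitize_result`, `UnsafeResult`, `MAX_DEPTH` and `Impostor` are hypothetical names, and it assumes the script could not redefine methods on the core classes themselves in the caller's interpreter.

```ruby
# Unbound core methods: calling them never dispatches to methods the
# untrusted object defines for itself. bind_call needs Ruby 2.7+.
REAL_CLASS      = Kernel.instance_method(:class)
REAL_SINGLETONS = Kernel.instance_method(:singleton_methods)
ALLOWED = [String, Integer, Float, Symbol, NilClass, TrueClass, FalseClass,
           Array, Hash].freeze
MAX_DEPTH = 8 # assumed limit; also stops self-referential containers
class UnsafeResult < StandardError; end

# Returns a copy built only from plain core values, or raises UnsafeResult.
def sanitize_result(obj, depth = 0)
  raise UnsafeResult, "nesting too deep" if depth > MAX_DEPTH
  # Module#=== is answered by the interpreter, so an overridden
  # class/is_a?/kind_of? on obj cannot influence it.
  kind = ALLOWED.find { |k| k === obj }
  raise UnsafeResult, "type not allowed" unless kind
  # Exact class check rejects subclasses that override core methods.
  raise UnsafeResult, "subclass of #{kind}" unless REAL_CLASS.bind_call(obj).equal?(kind)
  # Rejects per-object methods, including ones mixed in with extend.
  raise UnsafeResult, "singleton methods" unless REAL_SINGLETONS.bind_call(obj).empty?

  if kind.equal?(Array)
    obj.map { |e| sanitize_result(e, depth + 1) }
  elsif kind.equal?(Hash)
    # Copying into a new Hash drops any default proc, which would otherwise
    # run script-supplied code on a missing-key lookup.
    obj.each_with_object({}) do |(k, v), out|
      out[sanitize_result(k, depth + 1)] = sanitize_result(v, depth + 1)
    end
  elsif kind.equal?(String)
    String.new(obj)
  else
    obj # numbers, symbols, nil, true, false
  end
end

# Constructed sample: an object that claims to be a String.
class Impostor < BasicObject
  def class; ::String; end
  def is_a?(_klass); true; end
  def method_missing(*); ::Kernel.raise("script code ran in the caller"); end
end

# True when the value passes; false when sanitize_result rejects it.
def accepted?(obj)
  sanitize_result(obj)
  true
rescue UnsafeResult
  false
end
```

This only covers the returned-data concern; the CPU-pegging problem mentioned in the same answer needs a separate control such as running scripts in a process that can be killed on a deadline.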