Fabian Streitel wrote:
> I guess you could sandbox it? There are Ruby sandboxes out there...
> Still not 100% protection I guess, but better than eval any day...

_why's sandbox looks to be pretty good, but it requires you to rebuild 
the ruby interpreter from source with a small patch.

Depending on your application, it may be better to parse some 
domain-specific language rather than ruby. Look at liquidmarkup.org for 
an example.

Another solution is to let the user choose between N trusted pieces of 
code to execute, by storing the name of a method or module in the 
database. This is pretty safe:

module Snippets
  module Foo
    def self.run
      puts "bah!"
    end
  end
end

modname = "Foo"  # from untrusted source, e.g. db
# Check the name against the constants defined directly in Snippets, and
# pass inherit=false: without it, const_get on a module also searches
# Object, so a string like "Kernel" or "File" would resolve as well.
raise "unknown snippet" unless Snippets.constants(false).include?(modname.to_sym)
Snippets.const_get(modname, false).run
-- 
Posted via http://www.ruby-forum.com/.
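The name-based dispatch from the post above, as an added example that is not part of the original message. It shows the loose `Module#const_get` lookup beside a hardened one: `const_get` on a module falls back to `Object`'s constants (and, on Ruby 2.0 and later, also accepts `"A::B"` paths), so an untrusted string can reach constants outside `Snippets`. The `Snippets::Bar` module, the `loose_lookup`/`strict_lookup`/`run_snippet` helpers and the return values in place of `puts` are assumptions made for this example.

```ruby
# Added example (not from the original post): dispatching to one of N trusted
# snippets by a name that comes from an untrusted source such as a database.

module Snippets
  module Foo
    def self.run
      "bah!"
    end
  end

  # Assumed second snippet, so the allow-list has more than one entry.
  module Bar
    def self.run
      "bar!"
    end
  end
end

# The lookup as written in the post. Module#const_get on a module also
# searches Object when inherit is true (the default), so names such as
# "Kernel" or "File" resolve even though they are not snippets.
def loose_lookup(name)
  Snippets.const_get(name)
end

# Hardened lookup: compare the untrusted name against the constants defined
# directly in Snippets (inherit=false), then fetch it, again without the
# Object fallback. Anything else, including "A::B" paths, lowercase names
# or names of unrelated classes, is rejected before const_get runs.
def strict_lookup(name)
  allowed = Snippets.constants(false).map(&:to_s)
  unless allowed.include?(name)
    raise ArgumentError, "unknown snippet #{name.inspect}"
  end
  Snippets.const_get(name, false)
end

# Entry point the application would call with the stored name.
def run_snippet(name)
  strict_lookup(name).run
end
```

`strict_lookup` compares against `Snippets.constants(false)` rather than calling `const_get` first and inspecting the result, so the untrusted string never reaches constant resolution unless it is one of the names the application itself defined.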