[sldev] Re: Scripting the client

[Argent Stonecutter]

Lawson English:
> You said  on the forums that you were working on a Python plug-in. Why
> specifically Python, rather than Lua, given the relative simplicity of
> implementing Lua as a plug-in scripting language (that is what it is
> designed for) compared to implementing a Python plug-in, and the fact
> that Lua is already used as the scripting language for the Worlds of
> Warcraft client and has a proven track record for scripting such a  
> system?

The language I would rather see would be Tcl. It was designed from  
the start as a glue language, has been ported widely (and even to as  
limited environments as the old Palm III), and has standard  
mechanisms (Safe Tcl) for creating restricted interpreters that *can  
not* be broken out of because it creates fully sandboxed interpreters  
that do not even have unsafe APIs exposed through them.

Failing that, it should be possible to create similarly sandboxed  
ECMAscript interpreters, and the client already supports Javascript  
and there is an extensive base of developers experienced in both  
Javascript and Actionscript.

I do not think we should trust Microsoft's partial sandbox design:  
for the last decade the same high level security model as implemented  
in IE and ActiveX has been broken again and again by exploiting  
*design flaws* that are inherent to the whole "security zone" model.