[sldev] Scripting the client

Lawson English lenglish5 at cox.net
Thu Aug 2 19:52:05 PDT 2007


Argent Stonecutter wrote:
> Lawson English:
>> The ultimate scripted client would be something like the WoW 
>> solution.  That's the main reason I would say to use Lua: it's quick 
>> and easy to do and we know it works, at least at this level.
>
> We ALSO know that Javascript works at this level (everything from 
> Konfabulator and Dashboard widgets to AJAX), it's already in the 
> client, and we know it can be secured. I prefer Tcl. You prefer Lua. 
> But Javascript is already there.
>

I don't "prefer" Lua. I've never used it. I just assumed it was easy to 
implement as a drop-in scripting language since it was designed that 
way. I'm still not sure that JavaScript's presence in the browser 
qualifies JavaScript as an easy solution to client-level scripting.  /shrug.

>> If you let just *any* application have access to IM via a plug-in, 
>> you run the risk of rebroadcasting private IM on an open channel.
>
> You let the user request it. Not the application, the user. In a 
> preference option, "let these plugins access IM", with a list of 
> plugins that have been made visible to the client, and a checkbox for 
> each one.

Most users are trustworthy. I'm just worried that there will be a class 
of griefers who are not technical savvy enough to compile the viewer 
with a couple of extra lines of code to export private IM to a 
rebroadcaster who ARE technical enough to drop in a plug-in that does it 
for them with a click of a button.

Likewise with many other possible plug-ins that could be created.

/shrug. It's a a tradeoff. Are the benefits worth the downside of 
exposing private IM to such trivial solutions for rebroadcast? Likewise 
with everything else that could be abused via the plug-ins.




More information about the SLDev mailing list