[sldev] Scripting the client
Lawson English
lenglish5 at cox.net
Thu Aug 2 19:52:05 PDT 2007
Argent Stonecutter wrote:
> Lawson English:
>> The ultimate scripted client would be something like the WoW
>> solution. That's the main reason I would say to use Lua: it's quick
>> and easy to do and we know it works, at least at this level.
>
> We ALSO know that Javascript works at this level (everything from
> Konfabulator and Dashboard widgets to AJAX), it's already in the
> client, and we know it can be secured. I prefer Tcl. You prefer Lua.
> But Javascript is already there.
>
I don't "prefer" Lua. I've never used it. I just assumed it was easy to
implement as a drop-in scripting language since it was designed that
way. I'm still not sure that JavaScript's presence in the browser
qualifies JavaScript as an easy solution to client-level scripting. /shrug.
>> If you let just *any* application have access to IM via a plug-in,
>> you run the risk of rebroadcasting private IM on an open channel.
>
> You let the user request it. Not the application, the user. In a
> preference option, "let these plugins access IM", with a list of
> plugins that have been made visible to the client, and a checkbox for
> each one.
Most users are trustworthy. I'm just worried that there will be a class
of griefers who are not technical savvy enough to compile the viewer
with a couple of extra lines of code to export private IM to a
rebroadcaster who ARE technical enough to drop in a plug-in that does it
for them with a click of a button.
Likewise with many other possible plug-ins that could be created.
/shrug. It's a a tradeoff. Are the benefits worth the downside of
exposing private IM to such trivial solutions for rebroadcast? Likewise
with everything else that could be abused via the plug-ins.
More information about the SLDev
mailing list