2009/1/17 Peter Clifton <pc...@cam.ac.uk>: > On Sat, 2009-01-17 at 17:53 +0100, Árpád Magosányi wrote: >> Hi! >> >> Sorry if I will be too long, but this is an important question. >> Short version: Don't Do That! > > Rebuttal: > > Least important reason: Turing complete may present security > implications. > > (BTW: Just saying "sandbox" the interpreter is very easy. Actually doing > it properly is another matter.)
(It is actually done for most languages which would come to mind in this context, and using these solutions is not that difficult.) > > Real crux of the matter: If you accept free-form input, it becomes > inordinately more difficult to write any sane GUI, or write-back of > changed config options. (Since the config file might be arbitrarily > complex). Reading configuration for the configurator GUI is a non-issue: a good configuration GUI never do that. It either uses the configured program's config reader routines (in our case the interpreter), or generates the config from a different source. > > The time saved in being able to write back configs, or provide a nice > GUI for some (not necessarily all) of our config - which is more than > just firing up $EDITOR and handing the user the file, will more than > make up for any effort required to handle the conversion to non-turing > complete configs. In fact Peter B has already done most of the work - so > that is a non-issue. > > Firewall software is in a completely different class to CAD > applications. A GUI is expected by most users (although not necessarily > all those on geda-user). > > That said, I am surprised you didn't find similar problems in writing > configs for your firewall. Don't your users demand a GUI / web > interface? Unfortunately nowadays the average firewall admin have absolutely no clue about network, protocols and security, so a GUI is a must. And yes, firewall config is different than config of some tools: the configuration in itself is a modelling problem, in a world of several object classes and their interrelations. So our GUI just writes Zorp config, does not read it. _______________________________________________ geda-user mailing list geda-user@moria.seul.org http://www.seul.org/cgi-bin/mailman/listinfo/geda-user