Thread:Extension talk:Scribunto/Security concerns/reply (4)

Good answer, mdowdell.

To expand on that: Lua is particularly well-designed for sandboxing, and was thoroughly reviewed by Tim Starling, who is one of the WMF's top security and performance experts, as part of the process of developing Scribunto. When using the standalone interpreter, only a simple "server" runs in the full environment; most Scribunto code is loaded in a sandbox that has all "dangerous" functions removed, and user code is further loaded in another sandbox within the sandbox. When using the luasandbox PHP extension, the "dangerous" functions are not loaded into the Lua interpreter in the first place, and user code is still loaded within an inner sandbox.

With the standalone interpreter, memory and CPU time limits are enforced using Linux's ulimit mechanism, while with the luasandbox PHP extension they are built into the extension itself.

As for "The same thing can be done using a s[i]mpler template that could be written without this extension", if that's actually true for your situation then you may not actually need Scribunto. But on Wikipedia and other WMF projects, there were many templates (particularly things like "substr") that are now much faster and simpler with Scribunto, and there are other things that have been done with Scribunto that were effectively impossible before.
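
The nested-sandbox idea described in the reply above, as an added example that is not part of the original post and is not Scribunto's code. It assumes Lua 5.1 (`loadstring`/`setfenv`); the blocklist, the allowlist and every function name in it are hypothetical choices made for illustration.

```lua
-- Illustrative sketch only; not Scribunto's code. Assumes Lua 5.1.
local function copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Assumed blocklist for this sketch: file, process, loader and environment access.
local DANGEROUS = { "os", "io", "package", "debug", "require", "module", "dofile",
                    "loadfile", "load", "loadstring", "getfenv", "setfenv" }

-- Outer sandbox: the globals minus the dangerous names.
local function make_outer_env()
  local env = copy(_G)
  for _, name in ipairs(DANGEROUS) do env[name] = nil end
  env._G = env
  return env
end

-- Inner sandbox for user code: an allowlist drawn from the outer sandbox.
local SAFE_FUNCS = { "assert", "error", "ipairs", "next", "pairs", "pcall",
                     "select", "tonumber", "tostring", "type", "unpack" }
local SAFE_LIBS = { "math", "string", "table" }

local function make_inner_env(outer)
  local env = {}
  for _, name in ipairs(SAFE_FUNCS) do env[name] = outer[name] end
  -- Copy library tables so user code cannot modify the outer sandbox's copies.
  for _, name in ipairs(SAFE_LIBS) do env[name] = copy(outer[name]) end
  env.string.dump = nil -- user code has no need to produce bytecode
  env._G = env
  return env
end

local function run_user(source, outer)
  -- Lua 5.1 loadstring also accepts precompiled bytecode (first byte ESC); reject it.
  if source:byte(1) == 27 then return false, "bytecode rejected" end
  local chunk, err = loadstring(source, "=user")
  if not chunk then return false, err end
  setfenv(chunk, make_inner_env(outer))
  return pcall(chunk)
end

local outer = make_outer_env()
print(run_user("return string.upper('ok')", outer))  -- allowlisted library call
print(run_user("return os.getenv('HOME')", outer))   -- os is absent; pcall catches the error
print(run_user("string.upper = nil", outer), outer.string.upper ~= nil) -- outer copy untouched
```

This sketch covers only the environment restriction; it does not limit CPU time or memory, which the reply says is handled by ulimit or by the luasandbox extension itself.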