http/https for Lua scripts?

Discussion in 'Lua Discussions' started by that_shawn_guy, May 9, 2021.

Thread Status:
Not open for further replies.
  1. that_shawn_guy

    It's come up a few times as a feature request. Is there really a need for such a feature?

    What could you do with it?
     
    Time Lord likes this.
  2. Tahru

    I don't know anything about the previous discussion, but just on the surface, I am going to say that executing Lua from anything other than a secure and trusted source is a one-way ticket to Trojan hell. The only difference between HTTP and HTTPS is that the latter requires an authenticated certificate and provides transport encryption. With straight HTTP, any snooper can see the request, its cookies, and even insert a replacement response and potentially impersonate you. Lua is a text-based scripting language. It is only limited by the application that extended it in terms of abuse potential. Hence, non-HTTPS could very well result in an invasion. One might think that such a small user base need not be as concerned about this, but there are a lot of people with game assets valued in the thousands. And frankly, most of the hackers are either poor or madly ruthless; they would kill your family for 10 bucks.
     
    Duke Gréagóir and Time Lord like this.
  3. Katu

    Well, you can already do all this with the current integration.
    So, if that feature came with a notify screen that states something like "Hey, this script is attempting to connect to the internet, are you sure you wanna allow that?", that would be great.

    At worst, we have the same threats, but it could get better.

    It could be used to:
    Manage a connection to a database.
    Auto-updating scripts - could be managed with GitHub, and the script could download the latest versions from there.
    Integrate with a local / internet site. Imagine the Lua part as a data collector (loot, damage, etc.) and the local (or internet) site as the visual part.
     
    Time Lord likes this.
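
The consent prompt suggested in post 3, combined with the HTTPS-only concern from post 2, sketched as an added example that is not part of any post or of the game's Lua API. `http_gate`, `ask_user`, the script name and the host names are all hypothetical.

```lua
-- Hypothetical host-side gate a game client could run before letting a script
-- make a web request. Nothing here is the game's real API.
local approved = {}   -- script+host pairs the player has allowed this session

-- Split a URL into scheme and host; returns nil for anything unparseable.
local function parse_url(url)
  local scheme, authority = url:match("^(%a[%w+.-]*)://([^/?#]*)")
  if not scheme or authority == "" then return nil end
  -- Refuse userinfo ("user@host"): it can disguise the host actually contacted.
  if authority:find("@", 1, true) then return nil end
  local host = authority:gsub(":%d*$", "")   -- drop an optional port
  if host == "" then return nil end
  return scheme:lower(), host:lower()
end

-- ask_user comes from the client UI and returns true only on an explicit "Allow".
local function http_gate(script_name, url, ask_user)
  local scheme, host = parse_url(url)
  if not scheme then return false, "malformed URL" end
  if scheme ~= "https" then
    return false, "plain " .. scheme .. " refused: https only"
  end
  local key = script_name .. "|" .. host
  if not approved[key] then
    local msg = ("Script '%s' wants to connect to %s. Allow?"):format(script_name, host)
    if not ask_user(msg) then return false, "denied by player" end
    approved[key] = true
  end
  return true, host
end

-- Constructed demo: this stand-in player allows example.org and nothing else.
local function demo_prompt(msg)
  print("PROMPT: " .. msg)
  return msg:find("example.org", 1, true) ~= nil
end

for _, url in ipairs({
  "http://example.org/loot.json",            -- refused: not https
  "https://example.org/loot.json",           -- prompts once, then allowed
  "https://example.org:8443/update.lua",     -- same host, already approved
  "https://example.org@collector.invalid/x", -- refused: userinfo in authority
  "https://collector.invalid/x",             -- prompts, player declines
}) do
  print(url, http_gate("loot_tracker", url, demo_prompt))
end
```

A client using a gate like this would also need to run every redirect target through it. The gate only controls where a script may connect; it does not make downloaded Lua trustworthy to execute.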
  4. Time Lord

    The Lua livestream was incredibly informative! Here is the livestream from our YouTube channel in case you missed it:

    I have no idea about this subject, so I'm watching this on the subject.
     