Is there a safe way to run eval in Ruby?

We are working on a product that has a requirement similar to Tropo's (see https://github.com/tropo/tropo-samples/tree/master/ruby ), where the user is allowed to write a Ruby script that can access several functions and variables that are passed in. However, we would like the user not to have access to global calls that delete all users or terminate the program. Is there a way to accomplish this with eval?

3 answers

It will depend on how you implement it, but look at using bindings with eval. By creating your own binding and preloading it with "safe" objects, you can limit what the user can do with their code.

http://rdoc.info/stdlib/core/1.9.2/Binding

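The binding approach from the answer above, worked through as an added example (this is not code from the question, the answers or Tropo). The user script is eval'd against a Binding whose `self` is a `BasicObject`, so it sees only the methods defined on that object plus the locals of the frame that created the binding; the method names `say` and `caller_id` and the `args` hash are assumptions. One caveat a practitioner should know before relying on this: the binding limits unqualified names only. Constants are still reachable with a leading `::`, so `::File`, `::Kernel.exit` or `::User.delete_all` resolve just fine, which is demonstrated by the last check below.

```ruby
# Added example: eval against a deliberately minimal binding.
# ScriptContext inherits from BasicObject, which does not include Kernel, so
# bare calls such as `exit`, `system`, `require` or `File` do not resolve.
class ScriptContext < BasicObject
  def initialize(caller_id)
    @caller_id = caller_id
    @log = []
  end

  # The "safe" surface the script is allowed to call (assumed names).
  def say(text)
    @log << "say:#{text}"
  end

  def caller_id
    @caller_id
  end

  def log
    @log
  end

  # Capture a Binding for this frame: self is the ScriptContext and the only
  # local variable visible to the script is `args`. ::Kernel is required
  # because BasicObject has no Kernel methods of its own.
  def script_binding(args)
    ::Kernel.binding
  end
end

# Evaluate a user script; returns [value of the last expression, actions logged].
def run_user_script(code, caller_id, args = {})
  ctx = ScriptContext.new(caller_id)
  [eval(code, ctx.script_binding(args)), ctx.log]
end

# True when the script fails to resolve a name, i.e. the binding kept it out.
def script_blocked?(code)
  run_user_script(code, "unknown")
  false
rescue NameError
  true
end

# Allowed: the script uses the exposed methods and the preloaded local.
value, log = run_user_script('say("hello #{caller_id} -> #{args[:to]}"); caller_id',
                             "+15550001111", { to: "sales" })
# Blocked as bare names: exit, system, File.
script_blocked?("exit")
script_blocked?("system('id')")
script_blocked?("File.read('/etc/hostname')")
# Not blocked: fully qualified constants still resolve inside the binding.
run_user_script("::File.basename('/etc/passwd')", "x")
```

The takeaway from the last line is that a binding is a convenience boundary, not a security boundary: it decides what unqualified names mean, not what the script can reach.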

Set the $SAFE level? That should at least ensure that you are not eval-ing untrusted strings, anyway...


Ruby provides a security model based on tainted objects.

You may want to check that out. In any case, note that creating a DSL is safer (and more fun!) than eval.

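Two notes on the previous two answers, then a worked example of the DSL approach. First, the $SAFE levels and the taint model they rely on no longer exist in current Ruby: $SAFE became an ordinary global with no special meaning in Ruby 3.0, and `taint`/`tainted?` and friends were removed in Ruby 3.2, so that advice only applies to legacy 1.x/2.x interpreters. Second, the DSL suggestion is the one that actually removes eval from the picture. The following is an added example (not code from the question, the answers or Tropo) of a small line-oriented command language interpreted by a dispatcher: the user's script is data, so there is nothing for `exit` or `User.delete_all` to bind to. The verbs (`say`, `ask`, `transfer`, `hangup`), their argument shapes and the `${variable}` syntax are assumptions for this example.

```ruby
require 'shellwords'

# Added example: a whitelist-driven DSL instead of Kernel#eval.
class ScriptDSL
  Error = Class.new(StandardError)

  # Verb => number of arguments it takes (assumed command set).
  VERBS    = { "say" => 1, "ask" => 2, "transfer" => 1, "hangup" => 0 }.freeze
  PHONE    = /\A\+?[0-9]{7,15}\z/
  INTEGER  = /\A[0-9]+\z/
  VARIABLE = /\$\{(\w+)\}/

  attr_reader :actions

  # vars: the only values the script may read, supplied by the host.
  def initialize(vars)
    @vars    = vars.transform_keys(&:to_s)
    @actions = []
  end

  # Interpret the script and return the list of actions for the host to run.
  def run(source)
    source.each_line.with_index(1) do |raw, lineno|
      line = raw.sub(/#.*/, "").strip          # drop comments and whitespace
      next if line.empty?
      begin
        verb, *args = Shellwords.split(line)   # shell-style quoting only
      rescue ArgumentError => e
        raise Error, "line #{lineno}: #{e.message}"
      end
      dispatch(verb, args, lineno)
    end
    @actions
  end

  # nil if the script is acceptable, otherwise the first error message.
  def self.check(source, vars = {})
    new(vars).run(source)
    nil
  rescue Error => e
    e.message
  end

  private

  # Explicit case statement: no send/public_send on user-controlled names.
  def dispatch(verb, args, lineno)
    arity = VERBS[verb]
    raise Error, "line #{lineno}: unknown command #{verb.inspect}" unless arity
    unless args.size == arity
      raise Error, "line #{lineno}: #{verb} takes #{arity} argument(s), got #{args.size}"
    end

    case verb
    when "say"
      @actions << [:say, expand(args[0], lineno)]
    when "ask"
      raise Error, "line #{lineno}: ask timeout must be an integer" unless args[1].match?(INTEGER)
      @actions << [:ask, expand(args[0], lineno), args[1].to_i]
    when "transfer"
      raise Error, "line #{lineno}: transfer needs a phone number" unless args[0].match?(PHONE)
      @actions << [:transfer, args[0]]
    when "hangup"
      @actions << [:hangup]
    end
  end

  # Substitute ${name} from the host-supplied variables only.
  def expand(text, lineno)
    text.gsub(VARIABLE) do
      name = Regexp.last_match(1)
      @vars.fetch(name) { raise Error, "line #{lineno}: unknown variable #{name}" }
    end
  end
end

# Constructed sample script (not from the page).
SAMPLE_SCRIPT = <<~SCRIPT
  # greeting
  say "Hello ${caller_id}"
  ask "Press 1 for sales" 5
  transfer +15551234567
  hangup
SCRIPT

ScriptDSL.new(caller_id: "+15550001111").run(SAMPLE_SCRIPT)
ScriptDSL.check("User.delete_all")      # rejected: unknown command
ScriptDSL.check("transfer 'rm -rf /'")  # rejected: not a phone number
```

Because the host decides what each verb does, adding a dangerous capability is an explicit change to `VERBS` and `dispatch`, not something a script can discover on its own; there is no object graph to walk and no `::` escape hatch.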
