[DGD] Re: Net Security

[Sten Lindgren]

On Mon, 16 Mar 1998, Jason Cone wrote:

> Personally speaking, the ability to have a SMTP server (as Kevin pointed
> out) as well as a non-passive FTP server totally justifies the use of the
> networking package even in light of the possible things that can happen via
> malevolent coders.  As stated above, if you think about the design of your
> auto object as it relates to the networking efuns, the risk should be
> minimal.

In my experience there is always one more security flaw that can be
exploited, and there will be those who try to explot them. Personaly I
would not allow any mud that can initiate outgoing connection on any
system Im resposible for if I do have a say in the matter. It might become
a very tempting place to initiate an attack on other systems for some
people, and those attacks would be traced back to the mud (if traced at
all). I certainly wouldn't like to be the admin of a mud having to explain
how it was possible to attack someone elses system through my mud and at
the same time trying to explain why the mud shouldn't be nuked immediatly.
Of cource this is my point of view, and Im personally very happy Dworkin
decided not to include any net package in his driver, the day that should
happend I would hope the feature could be turned off.
As for services like SMTP and FTP they can be implemented using external
written programs that initiates a connection to the mud if it needs some
data from the mud itself (like acess permissions or whatever).


Sten Lindgren				ged at solace.mh.se




List config page:  http://list.imaginary.com/mailman/listinfo/dgd