[DGD] Changing connect() (network package)
Felix A. Croes
felix at dworkin.nl
Sat Dec 29 20:48:27 CET 2007
bart at wotf.org wrote:
> This idea keeps comming up, and as a matter of fact, its how ancient lpmud did
> its hostname resolution.
>
> The problems with this idea seem somewhat obvious...
>
> That external daemon has to logon to the mud somehow, hence it must contain
> valid authentication information.
>
> That external daemon is the ideal starting point for man in the middle attacks
> in case you decide to bother with encryption.
Not really. You can let it log on to a special port that is only opened
on localhost and has its own connection protocol. Authentication could
be done using a one-time password (especially since there is no person,
but a program on the other side) if you are especially concerned about
security.
As for man-in-the-middle attacks, if a localhost connection is vulnerable
then any connection is.
> It does not remove any of the issues of outgoing connections in LPC.
On this I agree. Muds with guest programmers really should not have
arbitrary outgoing connections in the first place.
Regards,
Dworkin
More information about the DGD
mailing list