[MUD-Dev] Re: Player coding and security
Shawn Halpenny
malachai at iname.com
Thu May 22 12:29:23 CEST 1997
clawrenc at cup.hp.com wrote:
>
> In <33830715.41C67EA6 at iname.com>, on 05/21/97
> at 08:30 AM, Shawn Halpenny <malachai at iname.com> said:
>
> >There were a few posts a couple weeks back, most substantively from
> >Chris Lawrence (I think), where inheritance was explored as a
> >security model.
>
> Yup. Dat's me. Essentially I take Cool's per-object security model
> (each object and method determines its own security criteria), and
> provide APIs for easy testing of the inheritance tree of the
> method-caller and message-source (who originated the event) as the
> basis of determining validity of access.
I just pulled down the Cool security stuff for later perusal. I suppose
at
this point I'm mostly directionless with regards to security on user-
programming and hope to spark something that pushes me one way or
another.
> >How many of us are looking to have some
> >form of user-programming anyway?
>
> Me.
>
> >And to what degree are things
> >user-programmable, for that matter?
>
> I don't impose limits in the server. The DB may model various limits
> and attempt to impose them on the rest of the DB. As such I put
> damned near nothing that is game-oriented in the server proper (ie the
> server has no concept of containment, command parsing, placement, or
> context). Everything devolves to the DB.
Does that imply that a user can come along, and, say, take a small,
no-frills
bag and turn it into a big bag that hides its magical contents from the
rest
of the world? That is, the user has mostly free reign to tack on code
that enhances objects in the world (depending on what the security of
that bag allowed)?
You'd earlier posted a bit about how a user could code up a 50000hp
damage
wet noodle, but when using it nothing of the sort would happen. I was
wondering how does the noodle make the determination that that sort of
thing shouldn't be done in this context?
--
Shawn Halpenny
"Caesar si viveret, ad remum dareris"
- Latin for All Occasions
More information about the mud-dev-archive
mailing list