[MUD-Dev] (fwd) Functional Security

Ling K.L.Lo-94 at student.lboro.ac.uk
Fri Mar 20 03:16:29 CET 1998


On Thu, 19 Mar 1998, J C Lawrence wrote:

> From: "Scott G. Stewart" <sstewart at or.cadix.com>
> Newsgroups: rec.games.mud.lp
> Date: Thu, 19 Mar 1998 14:23:46 -0800
> 
> The few LPC security schemes I have looked at seem to emphasize file
> system security (the ability to read or write a file).  Is functional
> security (the ability to invoke a function in an object) downplayed, or
> have I missed something?

When I first encountered mud coding, which was on LPC, my first reaction
was "Why aren't calls privilege checked".  It seemed stupid that wizards
aren't trusted with the persistent side (files) but could do almost
anything they like short of bringing the mud down on the object side.

The checks I did see were usually on wiz commands.  The command to call
functions might be logged but it was just as easy to code an object
specifically to call a function.  In fact, this was used by a friend
raise a character very quickly.  Create a powerful monster, set to zero 
hp, attack it.  Repeat.  (setting stats on players were logged)

[snip]

> I can imagine a Mud where wizards have creation capability,  but compete
> against each other, and are therefore bound by certain rules.  In such a
> situation, you would not want one wizard to call the functions in
> another's object.

Things do go blurry though.  A wiz needs to create areas and tinker with
it.

  |    Ling Lo of Remora (Top Banana)
_O_O_  Elec Eng Dept, Loughborough University, UK.     kllo at iee.org




More information about the mud-dev-archive mailing list