[MUD-Dev] distributed objects
Kevin Littlejohn
darius at connect.com.au
Thu Feb 17 15:37:34 CET 2000
>>> "Laurent Bossavit" wrote
> Kevin Littlejohn sez:
>
> > Phil's comment on that was that it's impossible to construct a
> > decent fight system, for instance, under that setup, because you
> > can never guarantee that
>
> Um... Unless I'm missing a perfectly obvious point (which wouldn't be
> the first time) don't the solutions outlined at www.erights.org for
> implementing secure "purses" also fit the bill for combat systems ?
For anyone who hasn't read it:
http://www.erights.org/elib/capability/ode/ode-capabilities.html#simple-money
Neat system.
There's still reliance on a bunch of things, that may not be immediately
evident, though, to achieve this security. One of them that doesn't apply
in Moebius (nor, I believe, in any distributed architecture, where the 'bad
guys' have total control over the objects) is a certain non-mutability of
objects. When you've instantiated an object in E, you can't go back and
change it's methods - what they bind to, what their source code is, etc.
If you could do that, you'd instantiate a purse, then change it's decrement
method. Presto - you can hand out a decrement that's sealed by the right
thing, works fine, and does exactly what you want - purse of holding,
anyone? ;)
Ok, so the sealer performs some security checks on the method. In a
distributed world, those security checks are going to be _extremely_
interesting - and valid only until the checks stop being performed (at
which time, the holder of the object will switch methods on you).
End result - you drag more and more stuff back to the server for
verification, until you end up driving the objects data and methods on the
server from a remote point.
Caveat: I may be wrong, but I can't see where... As EQ and others have
demonstrated, people will quite happpily step "out of band" to break these
systems - I thought replacing the tiles with transparent ones was good, but
staggering lag on packets back to the server boggles me.
KevinL
_______________________________________________
MUD-Dev maillist - MUD-Dev at kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list