[MUD-Dev] Scripting languages
Lars Duening
lars at bearnip.com
Tue Jul 1 08:03:41 CEST 2003
On Monday, June 30, 2003, at 11:07 PM, Mark 'Kamikaze' Hughes wrote:
> Mon, Jun 30, 2003 at 11:39:06AM -0600 in
> <BF6C3010-AB21-11D7-B4CF-0003938094E8 at bearnip.com>, Lars Duening
> <lars at bearnip.com> spake:
>> On Sunday, June 29, 2003, at 04:11 AM, Mark 'Kamikaze' Hughes wrote:
>>> There are security and malware questions in using *any*
>>> general-purpose programming language for scripting; if you can't
>>> violate security or create an infinite loop within the language
>>> proper, you can overrun buffers, or find some other abuse.
>>> There have been known security holes in Lua, as well. And on
>>> the gripping hand, it doesn't matter, because the only people
>>> you'll normally allow to write full scripting code *are* trusted
>>> admins. The MUDs where this is not the case are fairly unusual,
>>> and already have their own scripting languages.
>> Which of course is another reason as to why a Mud authors might
>> want to implement their own scripting languages (and I wouldn't
>> call the LP/MOO muds 'unusual').
> All of the LPMuds I've played on only allowed wizards to edit
> anything.
Considering that most wizards are recruited from the playerbase,
they are untrusted admins at best.
> If you don't trust someone, my first instinct is to not give them
> scripting access. If you do give them scripting access, they can
> break your system if they so choose. Making a custom language
> won't stop that. Only social solutions will work.
*nod* But a custom language implementation can help enforcing the
social solutions by raising the bar for wannabe crackers and
limiting the possible damage.
--
Lars Duening; lars at bearnip.com
GPG Key: http://www.bearnip.com/lars/lars-duening.gpgkey
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list