MOO-cows Mailing List Archive
RE: Logging and Security Hole.
On Tue, 30 Jan 1996, C. Regis Wilson wrote:
> >Secondly, I'd like a way to log all commands that a grey listed site
> >issues into the server log.. I think all I have to do is modify the
> >$command_utils:do_huh, but I think that this would be a nice addition to
> >the next LambdaCore. Since Greylisting is suppose to be a warning of
> >problems, have it log all commands from those sites.. Comments Welcome.
> I don't think you can do this without in-db parsing. But,
> if it's in-db, it can be loop-holed or hacked. You'd have
> to have the server log the commands in some way, but then
> (in my opinion) you violate the theory of "division of
> server and db".
I don't think $command_utils:do_huh is a good choice for this. This would
probably work fine if you put it in #0:do_command:
Since :do_command returns false the server continues with the command
anyway. It has to call $login and $string_utils before every single
command though, even if you're not being logged.
I don't think logging commands is a very nice thing to do in the first
place anyway, and users should be notified at login if there is the
possibility of it. Perhaps only log commands that match a certain pattern
(all those starting with `@'?) would be nicer.
Something totally unrelated in case I'm wrong about how to log people, so
this message might still be worth something, here is something I've
You get the idea. You don't have to specify $string_utils over and over
if you use it a lot.
> >In Him, for Him
> Is this one of those Christian subliminal messages?
Which word doesn't belong: Andrew Wendt
Christianity, Hypocrisy, Lies, Trickery, Sheep email@example.com
"andy is the prince of darkness" -- draco firstname.lastname@example.org
Subject Index |