MOO-cows Mailing List Archive


RE: Logging and Security Hole.

On Tue, 30 Jan 1996, C. Regis Wilson wrote:

> >Secondly, I'd like a way to log all commands that a grey listed site 
> >issues into the server log.. I think all I have to do is modify the 
> >$command_utils:do_huh, but I think that this would be a nice addition to 
> >the next LambdaCore.  Since Greylisting is suppose to be a warning of 
> >problems, have it log all commands from those sites..  Comments Welcome.
> I don't think you can do this without in-db parsing.  But,
> if it's in-db, it can be loop-holed or hacked.  You'd have
> to have the server log the commands in some way, but then
> (in my opinion) you violate the theory of "division of
> server and db".

I don't think $command_utils:do_huh is a good choice for this. This would 
probably work fine if you put it in #0:do_command:

if ($login:graylisted(su:connection_hostname(connection_name(player))))
  server_log(tostr(su:nn(player),": ",argstr));

Since :do_command returns false the server continues with the command
anyway. It has to call $login and $string_utils before every single 
command though, even if you're not being logged.

I don't think logging commands is a very nice thing to do in the first 
place anyway, and users should be notified at login if there is the 
possibility of it. Perhaps only log commands that match a certain pattern 
(all those starting with `@'?) would be nicer.

Something totally unrelated in case I'm wrong about how to log people, so
this message might still be worth something, here is something I've

with ($string_utils)

You get the idea. You don't have to specify $string_utils over and over 
if you use it a lot.

> >In Him, for Him
> >
> Is this one of those Christian subliminal messages?


Which word doesn't belong:                                        Andrew Wendt
Christianity, Hypocrisy, Lies, Trickery, Sheep 
"andy is the prince of darkness" -- draco


Home | Subject Index | Thread Index