MOO-cows Mailing List Archive


Re: more questions

At 04:51 PM 2/22/97 PST, Mike Moore wrote:
>A more robust approach would be:
>if ($perm_utils:controls (caller_perms(), this) && (player == this.owner))
>This one checks to see that the owner of the verb calling this:moveto()
>has permissions for this object (i.e. the owner or a wizard) and that the
>task that resulted in the verbcall was started by this object's owner.
>That way, my malicious :tell verb would fail to move the object.
True, but then the editor couldn't move you in either.
($generic_editor:suck_in is owned by hacker.) You could check to see if an
editor is the one moving you, but then someone could just make their own
child and use it to move you.
Maybe you can go through all frames of callers and make sure that
frame[5]==player... although that might not work either.

Follow-Ups: References:

Home | Subject Index | Thread Index