MOO-cows Mailing List Archive

Re: Security

Date: Sun, 24 Mar 1996 12:08:08 PST
From:
phantom@baymoo.sfsu.edu (Richard Connamacher)
Content-Type: text/plain; charset="us-ascii"

At 1:10 AM 3/23/96, Isildur wrote:
>Hi all.
>Im new at this list...
>We are installing a new moo-server, it is up since last month.
>Now we have the big doubts...
>They are concerning security. We want to allow only to do some kind of things
>that are "physically" correct, not allowong to teleport, change player names
>etc...
>This is to make it playable, with some kid of rules but freedom to interact.

Find all the verbs on $player that allow them to teleport things (like
@move), and move them to $builder, and @rmverb them from $player.  Then
just set up some rules to programmers saying that they're not allowed to
make things that give players the ability to teleport, without first asking
the wizzen.

>But we are almost new at this.
>The first big doubt we have is:
>In LambdaMOO programmers manual says that only wizards can change player
>names and objects owners... this is not true in our moo... people changes his
>names using @rename, @set me.name etc... and they can change parents of
>their objects (in fact they can become builders...)

The LambdaMOO programmer's manual is correct, but not in the way that
you're thinking.  Players cannot change their names, unless the core gives
them the ability to change their names.  Ie if you can't change your .name
property, but I am a wiz, and I make a verb that changes your name property
for you, to whatever you wanted it to change to, such as @rename, then, as
far as the MOO's concerned, _I_ am the one who is changing your name.
you're just the one who typed the verb to do it.  That's how @rename works.

Stock players shouldn't be able to @chparent themselves, that is a verb
left to $builder.  make sure that new players are kids of $player, and not
$builder.

>Now players owners are themselves, is this correct?

True, players generally own themselves, although there is no hard and fast
rule saying that this must be so, although in LambdaCORE, it'll screw up a
lot of things if players don't own themselves.

>Another one:
>Should I change the f bit of #1 to off and propagate to childs?

I'm not sure what you mean, but I'd suggest just keeping #1 fertile.

>We want to control our moo, but now we have more than 100 users and we are
>realizing that we are not ready at all...

A lot of people find that.  I'd suggest for you to go to one of the already
established MOOs, there's a lot of people there who will help you learn how
to program MOO and how everything works.  It's always good to put off
building a high speed jet until you know how they work, and the same thing
applies to MOO.  :-)

Phantom

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEtexUAAAEEALPfu202DEwxLQ96BwKL5liDPzdCVox/iSbc201h5oTzLGmT
v1PU+TmeS/lEtTvVe5WVZ3iDjjKDcoWwc1MRmbCMMVosywXEiXoLqWBTj+hlcKXA
//TpyK4RRBZodr6eFesy2wSphpXTtJnIduKMDP0XuVgcrOILMUa1Zcdw+pa1ABEB
AAG0LVJpY2hhcmQgQ29ubmFtYWNoZXIgPHBoYW50b21AYmF5bW9vLnNmc3UuZWR1
Pg==
=iME4
-----END PGP PUBLIC KEY BLOCK-----

Follow-Ups:

Re: Security

From: Isildur <Isildur@aicien13.cienalu.unican.es>

Prev: Re: Security
Next: Re: Security
Index: MOO-cows
Thread: MOO-cows

Home | Subject Index | Thread Index