MOO-cows Mailing List Archive


Re: Means of gathering data (security)

>>Thank you for pointing this out to me, and if you could point me in the
>>direction of those MOO security documents I would very much like to have a
>>look at them.  The MOO I'm a wiz on is small, everybody knows everybody else,
>>but we're starting to grow...

  You can also check out my little text on the subject, at:

  Note that the exactly correct choice of security test is ALWAYS dependent
on he circumstances, and until you're comfortable with MOO security and all
the common ways people try to circumvent it, you're going to make mistakes.
Exciting, huh?
  But I'll go out on a limb, and say that for a +x verb that can be called
from the command line also, you can use:

  if (!$perm_utils:controls((caller_perms()==#-1)?player|caller_perms(), this))
    return E_PERM;

and you won't go too wrong.  A common modification, usually OK and important
for generic objects to be used as a base for futher enhancements, is:

  if (!((caller==this) || $perm_utils:controls....

The MOOverb_security.txt explains the problems with varients that use
callers() (inefficient) and valid(caller_perms()) (can be circumvented).
Hmm, I see I need to update the text, though, since it suggests the
  callers()?caller_perms()|player         <- inefficient
instead of the new-fangled
  (caller_perms()==#-1)?player|caller_perms()    <- less inefficient

Eric Mercer
Diversity University Services, manager

Home | Subject Index | Thread Index