MOO-cows Mailing List Archive
Re: Means of gathering data (security)
Date: Fri, 14 Jun 1996 15:48:41 PDT
From: Eric Mercer <firstname.lastname@example.org>
Content-Type: text/plain; charset="us-ascii"
>>Thank you for pointing this out to me, and if you could point me in the
>>direction of those MOO security documents I would very much like to have a
>>look at them. The MOO I'm a wiz on is small, everybody knows everybody else,
>>but we're starting to grow...
You can also check out my little text on the subject, at:
Note that the exactly correct choice of security test is ALWAYS dependent
on he circumstances, and until you're comfortable with MOO security and all
the common ways people try to circumvent it, you're going to make mistakes.
But I'll go out on a limb, and say that for a +x verb that can be called
from the command line also, you can use:
if (!$perm_utils:controls((caller_perms()==#-1)?player|caller_perms(), this))
and you won't go too wrong. A common modification, usually OK and important
for generic objects to be used as a base for futher enhancements, is:
if (!((caller==this) || $perm_utils:controls....
The MOOverb_security.txt explains the problems with varients that use
callers() (inefficient) and valid(caller_perms()) (can be circumvented).
Hmm, I see I need to update the text, though, since it suggests the
callers()?caller_perms()|player <- inefficient
instead of the new-fangled
(caller_perms()==#-1)?player|caller_perms() <- less inefficient
Diversity University Services, manager
Subject Index |