MOO-cows Mailing List Archive


Re: [SECURITY] the basics? (was Re: force_input() and $do_command())


I guess I lucked out on that one :)

in NewCore, I don't have the permissions database hooked up yet, so I
set all wizardly objects to check for both player=this, and caller = this
except where I wanted to limit it to the archwiz.

So despite the fact that I use ALL ALL ALL verbs almost exclusively in the
first few objects, that means that I haven't opened up any extra security
holes that I was not aware of???

(I tend to parse my own stuff at system level to change the syntax around
for greater security)

I released the experimental minimal database months ago, and as far as I
know no one has looked very hard at it, if only because it is SOOOO 


GRAEME SMITH                         email: 
YMCA Edmonton             
(Back on line!>


Home | Subject Index | Thread Index