MOO-cows Mailing List Archive
Re: [SECURITY] the basics? (was Re: force_input() and $do_command())
I guess I lucked out on that one :)
in NewCore, I don't have the permissions database hooked up yet, so I
set all wizardly objects to check for both player=this, and caller = this
except where I wanted to limit it to the archwiz.
So despite the fact that I use ALL ALL ALL verbs almost exclusively in the
first few objects, that means that I haven't opened up any extra security
holes that I was not aware of???
(I tend to parse my own stuff at system level to change the syntax around
for greater security)
I released the experimental minimal database months ago, and as far as I
know no one has looked very hard at it, if only because it is SOOOO
GRAEME SMITH email: email@example.com
(Back on line!>
Subject Index |