Re: [SECURITY] the basics? (was Re: force_input() and $do_command())

• Date: Sun, 7 Jul 1996 17:02:58 PDT
• From:
  Graeme Smith <grysmith@freenet.edmonton.ab.ca>
• cc: MOO-Cows.parc@xerox.com
• Content-Type: TEXT/PLAIN; charset=US-ASCII
• In-Reply-to: <v03007603ae058ca2bac1@[128.18.20.118]>

Hmmmm.....

I guess I lucked out on that one :)

in NewCore, I don't have the permissions database hooked up yet, so I
set all wizardly objects to check for both player=this, and caller = this
except where I wanted to limit it to the archwiz.

So despite the fact that I use ALL ALL ALL verbs almost exclusively in the
first few objects, that means that I haven't opened up any extra security
holes that I was not aware of???


(I tend to parse my own stuff at system level to change the syntax around
for greater security)

I released the experimental minimal database months ago, and as far as I
know no one has looked very hard at it, if only because it is SOOOO 
minimal.

				GREY

GRAEME SMITH                         email: grysmith@freenet.edmonton.ab.ca 
YMCA Edmonton             
(Back on line!>

• Re: [SECURITY] the basics? (was Re: force_input() and $do_command())
• From: Richard Godard <janus@cam.org>

• Prev: [SECURITY] the basics? (was Re: force_input() and $do_command())
• Next: [SERVER] scattering assignment (was: wishlists)
• Index: MOO-cows
• Thread: MOO-cows