MOO-cows Mailing List Archive


well here's the spawn of my algorithm.



Hi,

I know this has been done before somewhere.  Many thanks for the url I 
received, which I have yet to check out.

I joined the Pueblo mailing list, and have addressed my Pueblo questions 
there.  I have even visited a MUD and had fun (chuckle).  You know I 
always knew we were based on MUDs, but had never been on one.

In any event this is my algorithm for the java based MOO client.

Have java open a winsock to the client.  Send login and password.  Then 
send a command string like @java on.  This modifies look_self to add an 
encoded url to the look self.  The encoding will be something simple like 
(*&)http:...  When the java client receives these strings, it doesn't 
send them to the screen; rather, it tells the other window to go to the 
specified url.

The reason for the algorithm is no server hacking, it can all be done in 
MOO.  I have started some experiments with server hacking, but they have 
thus far been minimal and not to my liking.  Reading the mostly 
undocumented server is daunting, modifying it is tentative, then you got 
to compile the bloody thing, and then put up the moo and do guesswork on 
tracking down the bug.  I've taken this to no art form.

The initial security glitch is one of people accessing 
;#207:tell("(*&)http://nudebabes_on_ice.html")  however this can be 
traced with @check and @paranoid, just like any other spam.  Could modify tell 
and notify to check for the string, but I don't think it's worth it since 
we have a very tame educational based community.

If you really wanted to get fancy, you could have a list of approved 
sites.

Another snafu, which is also a good thing, is that security in java only 
allows you to telnet to the site with the url.  So, if there is to be a server, 
that serves other sites, you have to work around that.  But this prevents 
things like the program opening another socket, and sending your username 
and password to a file somewhere.  But if someone was a hack, they could 
send your username and password to the host system via a server, and then 
have that server send it anywhere.  So the bottom line, anytime you use 
one of these clients for MOO/MUD or whatnot, your username and password 
are insecure.  I can't see anyone going to so much trouble to get the moo 
username and password of anything, but once you add a layer, security is 
compromised.

In any event, thanks for the replies.

Happy Surfing,
              John.


john@GrassRootsMOO rdz.stjohns.edu 8888
john@rdz.stjohns.edu
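
The line filter and "list of approved sites" described in the message above, sketched as an added example (not code from the original post or from any MOO client). The (*&) marker is the one from the post; the class name, the approved host and the sample lines are constructed assumptions, and the code needs Java 16 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class MooUrlFilter {
    // Marker from the post; everything else here is a hypothetical illustration.
    static final String MARKER = "(*&)";

    enum Action { DISPLAY, NAVIGATE, BLOCK }

    record Decision(Action action, String text) {}

    private final Set<String> approvedHosts;

    MooUrlFilter(Set<String> approvedHosts) { this.approvedHosts = approvedHosts; }

    // The client cannot tell whether a marked line came from look_self or from
    // another player's tell(), so every marked URL is checked against the list.
    Decision classify(String line) {
        if (!line.startsWith(MARKER)) {
            return new Decision(Action.DISPLAY, line);      // ordinary MOO output
        }
        String candidate = line.substring(MARKER.length()).trim();
        try {
            URI uri = new URI(candidate);
            String host = uri.getHost();                    // null if unparseable
            boolean ok = "http".equalsIgnoreCase(uri.getScheme())
                    && host != null
                    && uri.getUserInfo() == null            // no user@host tricks
                    && approvedHosts.contains(host.toLowerCase(Locale.ROOT));
            return new Decision(ok ? Action.NAVIGATE : Action.BLOCK, candidate);
        } catch (URISyntaxException e) {
            return new Decision(Action.BLOCK, candidate);   // malformed URL
        }
    }

    public static void main(String[] args) {
        MooUrlFilter filter = new MooUrlFilter(Set.of("moo.example.edu"));
        List<String> lines = List.of(                       // constructed sample output
                "The Lobby",
                "(*&)http://moo.example.edu/rooms/lobby.html",
                "(*&)http://elsewhere.example.com/page.html",
                "(*&)javascript:alert(1)");
        for (String l : lines) {
            Decision d = filter.classify(l);
            System.out.println(d.action() + "  " + d.text());
        }
    }
}
```

Only NAVIGATE results are handed to the browser window; BLOCK results can be logged on the client so that an injected marker is noticed rather than silently dropped.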


