MOO-cows Mailing List Archive

[Prev][Next][Index][Thread]

Re: well here's the spawn of my algorithm.



	Hi Guys,
Mike sent this to me, with a request to forward, so I'll send his message 
complete and include my comments on the bottom.

On 13 Nov 1996, Michael Houghton wrote:

> >From m.k.houghton@reading.ac.uk Sat Nov  9 11:34:39 1996
> 
> >Hi,
> >
> >I know this has been done before somewhere.  Many thanks for the url, 
> [... snip ...]
> 
> >
> >The initial security glitch, is one of people accessing 
> >;#207:tell("(*&)http://nudebabes_on_ice.html")  however this can be 
> >traced @check and @paranoid, just like any other spam.  Could modify tell 
> >and notify to check for the string, but I don't think it's worth it since 
> >we have a very tame educational based community.
> >In any event, thanks for the replies.
> 
> Hi,
> 
> I implemented a Java client that understood (a subset of) HTML
> markup, and would send that client an HTML-like command 
> < URL http://www.somewhere.com/somepage/ >.
> 
> I found the need to restrict more than just 'telling' people 
> URLs, but also people 'telling' each other markup that I wanted
> reserved for special purposes (the bold red font I use for 
> loudspeaker messages for example.)
> 
> So, I hit upon two possible solutions for special markup.
> 
> 1) An override to end tag < OVR > - This would prevent any markup 
> until the end of line from being acted on - instead it would be
> displayed as is (quite useful, I found, in the editor).
> 
> 2) An Override on/ off pair < OVR > < /OVR >. This can, of course,
> be broken by the malicious user, who could:
> 
> say < /OVR > < h1> Boo! < /h1>
> 
> and give someone a large-fonted shock.
> 
> So, I considered adopting (but haven't yet implemented) a key system,
> so the markup becomes 
>  < OVR key=XXXXX >  some text < / OVR key=XXXX > .
> 
> This way, to _override_ the markup, a malicious person would have
> to know the key that would be used by the MOO in relaying the
> message to the intended victim. 
> 
> Hope this was of use to you. (If you would care to forward this
> to the list, I don't mind - I'm not using the account to which
> the MOO-mail is sent, so I don't think I can send to the list).
> 
> Mike Houghton
> 
> 
> 
> ---------------------------------------------------------
> Get Your *Web-Based* Free Email at http://www.hotmail.com
> ---------------------------------------------------------
> 
Hi Mike,

My client in this very alpha stage is not so complicated.  It can't send 
custom text types, and don't think it ever will.

I started learning java 4 days ago, so the protype is very rough but you 
can take a look, http://rdz.stjohns.edu/~john/framer.htm


What I got so far is a bottom window that will call up any url and load 
it in the top frame or window.  The two text boxes that are currently 
placed in the top frame, will go into the bottom and will handle the 
telnet.

Getting the code to show the url is available in a class called 
ShowDocument that is a general java class that is posted on the net, I 
hacked upon it to do my work for now.

The next thing I want to implement is the net connection.  Then it will 
be happening.

snafu's abound though, the most text I can fit in half a Netsape window 
is a text box that is three lines for input and five lines for output, 
not much for the serious MOOer.  There will be another version where text 
is dominant,  so we amay be able to use this for operations, also the 
voice synth people will use this version.

The capabilites goal for the alpa version is to have the text in the 
bottom fram, and a url of a gif in the top frame,  When I get into beta 
I'll experiment with adding sound, and maybe java animations.  I'm 
hesitant about working with the animations and sound, because the lag 
factor will be quite noticeable.


In any event, that's what I'm working on and that's how far I got.  The 
MOO side of things will be quite prmitive, just a mod of look_self to 
send a url if web is on.  Maybe a feature that loads up somebody's home 
page if you finger them.

If security turns into a problem, I'll write code that the server spews 
data that can't be input or read normally, but I'd prefer doing withouth 
a server hack.  Greater protability that way.

as for adding custom http code, that's not part of the algorthm web 
documents are not created by the system.


John      john@GrassRootsMOO  rdz.stjohns.edu 8888  john@rdz.stjohns.edu




Home | Subject Index | Thread Index