> On Tue, 29 Jul 1997, Zizazat Lazuras wrote:
>
> #> I'd rather just see ASCII pfiles in the stock code personally.
> #
>
> Well, I personaly think ascii pfiles are a security risk. I know the box
> i code on, is NOT SECURE. I don't know alot of people who can say there
> box is totaly secure. All someone has to do is login and upload there
> file.
Well, it depends on how you have the fs or the directories set up. On my
box, the mud is on a seperate filesystem all together that is rwx root
only. The "mud" account's home dir is within that filesystem - i.e. no
crossovers from filesystem to filesystem. I have a bash script (wrote it
myself) that recursively backs up the MUD and transfers it to my home
directory (on another filesystem). The next version of "mudbackup" will
encrypt the backup file twice (yes, I am paranoid). File security isn't
impossible; it's just a matter of how your filesystems and directory
structures are implemented - and if someone does hax it, I have a backup.
Most people, unless they are crackers, aren't likely to rm -rf the entire
filesystem unless they are total cocks. So sure, someone could possibly
hack root, but that takes effort rather than to do mv -f to replace a
simple ascii file. Maybe it would be possible to code some kind of
encryption into Circle so it would encrypt the player files so that they
could be decrypted by a utils program.
-j
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/08/00 PST