On Tue, 29 Jul 1997, Tigeba wrote:
>Shane wrote:
>> On Tue, 29 Jul 1997, Zizazat Lazuras wrote:
>>
>> Well, I personaly think ascii pfiles are a security risk. I know the box
>> i code on, is NOT SECURE. I don't know alot of people who can say there
>> box is totaly secure. All someone has to do is login and upload there
>> file.
>
>The benefits of ascii pfiles are hardly offset by the slight chance that
>someone can gain access to your account and upload/modify their pfile...
>If this occurs you have way bigger problems than someone giving themselves
>1 billion coins. Besides, if they hack your account, they are going to
>have all the tools they need to edit a binary file anyway (they are gonna
>have your mud source too you know... :)
Wow, Pico can reformat paragraphs and maintain the >'s, learn something new
everyday. :)
Don't forget they have access to 'mudpasswd' in _either_ case. So they
simply change YOUR password to something and then log in as imp.
It's like refusing to install a software program because it has known
security flaws when you leave a setuid root shell around! Sure your system
is more prone to problems now but there are many more effective ways around
it.
Result: Don't let them in in the first place, and if they do get in,
there are too many things they can do for you to stop them.
--
greerga@muohio.edu me@null.net | Genius may have its limitations, but stupidity
http://www.muohio.edu/~greerga | is not thus handicapped. -- Elbert Hubbard
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/08/00 PST