Re: Ethics.

From: Zeavon Calatin (zeavon@kilnar.com)
Date: 01/24/00

Next message: Zeavon Calatin: "Re: OT: AP Computer Science"
Previous message: Daniel A. Koepke: "Re: OT: AP Computer Science"
Maybe in reply to: Adam G Dobrinin: "Ethics."
Next in thread: Phill & Gigi Ahrens: "Re: Ethics."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >On Sun, 23 Jan 2000, Adam G Dobrinin wrote:
> >What if someone gets their hands on those logs? You may as well just
> >shutdown your mud because that someone will be able to do just about
> >anything they want with your mud.
>
>
> If anyone should ever get their hands on these logs in the first place you
> would have alot more to worry about than someone getting on someone else's
> character. But as for logging passwords to a mud, I think it is perfectly
> acceptable.

No. You would have one MORE thing to worry about in addition to all of the
other bad things that happen if and when your security gets compromised. You
may as well remove one thing from your list of things to worry about and be
on the safe side. I don't know why I try... anyone that thinks that logging
passwords is a good idea is beyond hope or help for learning proper security
methods.

> I know we have lost an encryption on passwords before and had to wipe them
> all so it saves us to just not encrypt them.

Again, storing a non-encrypted password is a horrible idea. If you must,
alter 'set' to allow your highest level immortal to do 'set NAME password
PASSWORD'. It's not that hard and it allows you to set passwords. Hell...
Here's the code:

vict = the target player.
val_arg = the new password.

strncpy(GET_PASSWD(vict), CRYPT(val_arg, GET_NAME(vict)), MAX_PWD_LENGTH);
*(GET_PASSWD(vict) + MAX_PWD_LENGTH) = '\0';

Now, how do you tell if someone is really the person that lost the email.
Ask for their mother's maiden name or their father's profession or ask them
the following questions:
What is your clue?   (e.g.: What is my mother's cat's name?)
What is the answer to your clue?   (e.g.: fluffy)

Good luck and for your sake, learn a little about system security before
advising others on what may or may not be best for the security of their
system.

--
Zeavon Calatin, Spear of Insanity
http://spear.kilnar.com/    telnet://spear.kilnar.com:1066

     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+

Next message: Zeavon Calatin: "Re: OT: AP Computer Science"
Previous message: Daniel A. Koepke: "Re: OT: AP Computer Science"
Maybe in reply to: Adam G Dobrinin: "Ethics."
Next in thread: Phill & Gigi Ahrens: "Re: Ethics."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : 04/10/01 PDT