Re: [AD] Arcane Realms Snippets

From: Daniel A. Koepke (dkoepke@circlemud.org)
Date: 03/10/02


On Sun, 10 Mar 2002, Mike Stilson wrote:

> Hideously unsafe, actually.

Why?  Which of your coders would you not want to have access to the SQL
database?  Why did you give them shell access if you didn't trust them?

> Why not just do something simple like this?

How does this stop anyone that has access to your code from getting the
password?  If they have been granted read-write access to the code, a
simple syllogism illustrates that they still have access to your sql_cnf
file regardless of file permissions:

  The Mud can read the sql_cnf file to get its configuration.
  User A has read-write access to the Mud's code.
  Therefore, User A can read the sql_cnf file.

He need only add a single line of code to the bottom of the load_sql()
function to log() the DB, user, password, et al.  The Mud is setuid to
have the permissions to read the file, but he can read the logged output
when he runs the Mud.  Game over.

If they only have read access to the code, you've clearly mismanaged your
file permissions.  You've given someone access to something they don't
need access to.  In that case, introducing more permissions to (mis)manage
is probably not the best solution.

It's a cliche for a good reason: a chain is only as strong as its weakest
link.  Your security policies form a chain.  No matter how much
indirection and newer, stronger links you add onto the end, if there's one
that's chipped through, your security isn't improving.  If you've given
someone you don't trust access to the Mud's account, you can forget about
security.  In fact, at that point, you already have forgotten.

I think you should be more worried about why you're giving people you
don't trust more access than they merit than you are about trying to hide
information from said privileged people.

All of that said, the separate configuration file is probably still worth
doing for (no other reason than) flexibility.  It's nice to be able to
change things without having to recompile and having different executables
for different configurations.

-dak
