Re: merc

From: Jeff (
Date: 04/06/94

> Hmmmmm....... I personally like the idea of separate text player files.  
> It would definitely help me on those glorious occasions when someone 
> wants to know what their password is, so that I don't have to go change 
> it, or when you want to look at a char's stats w/o entering the game (for 
> whatever reasons....).  As for people hacking into files and modifying 
> them..... well, OLC will keep people out of the root account, and anyone 
> who got caught doing something like that would be deleted anyway.... *grin*

Storing someone's password in cleartext (on any system) is generally a bad
idea.  While a MUD is generally pretty safe (most MUDs don't let you shell
to the OS) it makes it one step easier to hack.  Earlier this year we had
someone hack our campus email server which stored the passwords in cleartext, 
and took EVERYONE's password, forcing the administrators to lock everyone's
account until new passwords could be made (some of the administrators were
also looking for new jobs).  The hacker didn't even have an account on the

If you want to make it easy to change passwords, I'd suggest implementing a
local override password that works in all cases (entering the game, changing
an existing password, deleting a character) and have them give you a new
password to enter.  If that sounds unsafe, make it so that the override is
only checked for people logging in from loopback (



This archive was generated by hypermail 2b30 : 12/07/00 PST