Re: [NEW IDEA?] Binary Pfile Editing system

From: George (greerga@DRAGON.HAM.MUOHIO.EDU)
Date: 07/29/97

On Tue, 29 Jul 1997, Tigeba wrote:

>Shane wrote:
>> On Tue, 29 Jul 1997, Zizazat Lazuras wrote:
>>  Well, I personaly think ascii pfiles are a security risk. I know the box
>> i code on, is NOT SECURE. I don't know alot of people who can say there
>> box is totaly secure. All someone has to do is login and upload there
>> file.
>The benefits of ascii pfiles are hardly offset by the slight chance that
>someone can gain access to your account and upload/modify their pfile...
>If this occurs you have way bigger problems than someone giving themselves
>1 billion coins.  Besides, if they hack your account, they are going to
>have all the tools they need to edit a binary file anyway (they are gonna
>have your mud source too you know... :)

Wow, Pico can reformat paragraphs and maintain the >'s, learn something new
everyday. :)

Don't forget they have access to 'mudpasswd' in _either_ case.  So they
simply change YOUR password to something and then log in as imp.

It's like refusing to install a software program because it has known
security flaws when you leave a setuid root shell around!  Sure your system
is more prone to problems now but there are many more effective ways around

Result: Don't let them in in the first place, and if they do get in,
there are too many things they can do for you to stop them.

-- | Genius may have its limitations, but stupidity | is not thus handicapped. -- Elbert Hubbard

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/08/00 PST