Re: [ADMIN] hackers and security

From: Jesse Scott (jscott@BMI.NET)
Date: 08/17/98

I don't know how many others are doing this but we have set up
individual shells for each person we have granted direct access to the
server, that way if the fertilizer does hit the fan, at least we know
who may have done it (or given out their password).  If someone does
somehow guess one of the passwords, well there's not much you can do
about that, period, but I think that it would be much more worthwhile for
any hacker with that kind of luck to be buying Powerball tickets. :)
Anyway, because of this 'holding whoever's password was used to access
the site more or less responsible for ensuing damage' policy, the ppl we
give a login to are a lot more reluctant to give it out.  Also you can
of course modify the r/w/x rights of each login so that ppl who don't
need to have access to certain stuff don't.
        Anyway, I'm sure this is fairly obvious but just thought I'd mention it
since it seemed to me that you were talking as if there was only one

        (It also helps if your MUD is hosted by a paranoid ISP that lets you
give out a minimum number of shells. :))



Doppleganger Software wrote:
<snippagus maximus>
> The only advice I will give is that the site password should ONLY be
> given to coders you trust, and MAYBE one high level administrator (and
> not even that if you have online text file editing).  That stops any
> chance of someone asking any old immortal what the site password is.  How
> you handle giving out the password is your own business.
<more snippiage>

Jesse Scott -- --
Assistant DB Admin, HTML Writers Guild --
ObsidianMUD Implementor --
PACP Webmaster --
Sokie on DALnet, #new2irc AOP, #users SOP -- : 7000

This archive was generated by hypermail 2b30 : 12/15/00 PST