Re: Ethics.

From: Zeavon Calatin (
Date: 01/24/00

> >On Sun, 23 Jan 2000, Adam G Dobrinin wrote:
> >What if someone gets their hands on those logs? You may as well just
> >shutdown your mud because that someone will be able to do just about
> >anything they want with your mud.
> If anyone should ever get their hands on these logs in the first place you
> would have alot more to worry about than someone getting on someone else's
> character. But as for logging passwords to a mud, I think it is perfectly
> acceptable.

No. You would have one MORE thing to worry about in addition to all of the
other bad things that happen if and when your security gets compromised. You
may as well remove one thing from your list of things to worry about and be
on the safe side. I don't know why I try... anyone that thinks that logging
passwords is a good idea is beyond hope or help for learning proper security

> I know we have lost an encryption on passwords before and had to wipe them
> all so it saves us to just not encrypt them.

Again, storing a non-encrypted password is a horrible idea. If you must,
alter 'set' to allow your highest level immortal to do 'set NAME password
PASSWORD'. It's not that hard and it allows you to set passwords. Hell...
Here's the code:

vict = the target player.
val_arg = the new password.

strncpy(GET_PASSWD(vict), CRYPT(val_arg, GET_NAME(vict)), MAX_PWD_LENGTH);
*(GET_PASSWD(vict) + MAX_PWD_LENGTH) = '\0';

Now, how do you tell if someone is really the person that lost the email.
Ask for their mother's maiden name or their father's profession or ask them
the following questions:
What is your clue?   (e.g.: What is my mother's cat's name?)
What is the answer to your clue?   (e.g.: fluffy)

Good luck and for your sake, learn a little about system security before
advising others on what may or may not be best for the security of their

Zeavon Calatin, Spear of Insanity    telnet://

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  |

This archive was generated by hypermail 2b30 : 04/10/01 PDT