World file security (offline editor issues)

From: Patrick Dughi (
Date: 12/29/00

"Hope you don't mind. I just downloaded your entire world directory."

        In cases where the world is perhaps more unique than the code
running this, this could be seen as theft of the mud itself.  Even if not,
it's a pretty big part.  Seems you wouldn't want just anyone running
around with it.

        However, I'm contemplating how I could stop someone from doing
that, if they're going to be building for my mud with an offline editor.
Yes, you can build a zone without having the other areas - it's easy
enough.  Granted, the external room connections will be hard to insure,
and loading up random objects from other zones (if you allow that sort of
thing) is difficult.. not to mention the fact that other people's mobs are
perfect case studies of how to do any one particular thing...

    In the end, it is rather difficult to get along, but it's possible.

        But I want it to be easy to get along.


        I want an offline editor that will allow you to login to a mud,
download the world files (and update currently downloaded ones if they've
changed), and then upload the 'fixed' copies back again.

        I want changes in my editors/mud to update in real time.  If I
remove a zone in my editor, I want to remove it in the mud.  If I change
the stats on object #32, i want the mud object #32 to change right then
and there.

        I want my builders using the editor to have access to as much of
the world as possible - assuming that it increases productivity.

        I don't want my builders to be able to easily give away my zones,
especially if they didn't write them.  That is, assume for now no zones
were written by them, options for allowing individual access to their own
comes in later, if convienent.

        The code itself is freely available, and in fact must be given
even with custom versions of the binary, due to GPL.  Therefore any
in-code protection would be immediately useless.


        Our editor-user is attempting to steal our world.


        Well.. here's where I need help.  There's going to have to be some
way for the person to 'get' the files they're working on.  Tying their OLC
permissions and userid:password combo together makes validation a
non-isue.  But what about the rest?  What about other rooms, and other
data?  What ever it is, even if it's not saved to the drive to save on
download speed issue, we can assume they can reprogram their editor to
write it out from there.

        Perhaps these builders don't _need_ all the data.  I think in most
cases, the name and vnum of rooms, mobs and objs is enough to make working
with zedit/redit simple enough.  As for data for comparison, perhaps the
ability to mark some zones on the server ..granting read access to all

        Maybe there's some other way I haven't thought of, like using some
crytograpic system to store the data in an encrypted form, and then pass
the information to the server in that manner to be decrypted internally...

        Though, how would the editor read that info then, in the first for new zones that you write in a single session, just use
standard public/private key technology. ...of course, if it ever exists in
clear text in the program itself (even if only in memory), it could be no loading mechansim allowed would work...

        Maybe i'm getting too excited by the idea of nasty crypto-work and
overlooking a simple obvious (boring, but correct) solution?  Maybe it's
just not possible, and you'll just have to get trustworthy individuals?


   | FAQ: |
   | Archives: |

This archive was generated by hypermail 2b30 : 04/11/01 PDT