Re: [AD] Arcane Realms Snippets

From: Daniel A. Koepke (
Date: 03/10/02

On Sun, 10 Mar 2002, Mike Stilson wrote:

> Because what would happen if thru a miracle of cut-n-paste in an email
> while, or making a diff to post, or anything else you grab some more of
> your code than intended.

I'd *like* to dismiss this on the grounds that it's inane; that it'd be
awfully stupid to mindlessly copy code and give it to untrusted parties.
But I can't.  I know, as well as anyone, that it dosen't take a stupid
person to do something cataclysmically stupid.  So this is a valid, if
minor, point.  Properly configured access limits to MySQL and care are
enough to cover it, and there are similar gotchas to any other security
model.  Sometimes (usually) *you* are the weakest link.

> What if *buf decided to go wandering off through memory sometime and
> act() spits that out to a player?

This can happen either way.  In fact, it's maybe more likely when we're
allocating the memory on the heap.

> If only mudadmin can run it, then that's the only account to worry
> about, and that's only needed to be known by a couple people.

Okay, but if the coders can read the log files, then we're back to them
being able to see the main database password.  The point still stands.

> Hopefully you notice these things in their code before you use their
> changes.

...and hopefully you notice the password in the code you copy-and-paste
before you send it off in an e-mail to someone.  Unfortunately, hope is
both antithetical to security and, at some point, required.


   | FAQ: |
   | Archives: |
   | Newbie List:   |

This archive was generated by hypermail 2b30 : 06/25/03 PDT