[Home] [Groups] - Message: [Prev in Group] [Next in Group]
20015: RE: [MUD-Dev] strong encryption for authentication
[Full Header] [Plain Text]
From: Fred Clift <fclift@verio.net>
Newsgroups: nu.kanga.list.mud-dev
Date: Fri, 13 Jul 2001 11:28:10 -0600 (MDT)
References: [1]
Organization: Kanga.Nu
On Thu, 12 Jul 2001, Fred Clift wrote:
> Oh, and I'd love to get my hands on some crypto software -- It'd
> definitely be a fun toy :).
Uh - I mean hardware -- I have plenty of software :).
My main motivation here is to not allow someone to leverage mud
access into local shell access (and thence into root access on the
box). I have tools in my mud that (if I have bugs in my software)
could be used to change files/state on the server, outside the mud
(ie db acccess, load/save of mob scripts etc). I dont think there
are holes, but I've been wrong many many times before.
stelnet options would be a good place to start, or perhaps whipping
up an easily installable proxy, or just allowing connections on a
seperate port from either ssh or ssl'd connections. It is fairly
easy to set up either kind of tunnel and this would be a 'nich'
feature that not everyone would use.
For now, I ssh to the box and run a client there connecting to
localhost -- probably good enough for me, but I know some players
who would like it.
I might try and convince the administrative people on the mud to
always use encrypted connections.... Or at least not use the same
password for shell access that they use for their mud logins :)
Fred
--
Fred Clift - fclift@verio.net -- Remember: If brute
force doesn't work, you're just not using enough.
_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev