[Home] [Groups] - Message: [Prev in Group] [Next in Group]

nu.kanga.list.mud-dev

11808: Re: [MUD-Dev] about MOO

[Full Header] [Plain Text]
From: Joey Hess <joey@kitenet.net>
Newsgroups: nu.kanga.list.mud-dev
Date: Fri, 19 Nov 1999 14:08:54 -0800
References: [1] [2] <-newest
Organization: Kanga.Nu
Andru Luvisi wrote:
[ Seveal interesting problems of MOO. ]

> Moo doesn't have any builtin mapping/associative array/hash table type.

<plug>Though perlmoo does.</plug>

> All verbs (aka functions) run with the permissions of their owner unless
> the owner is a wizard and the function changes it's permissions.  This is
> like having *all* programs you ever write be setuid.  I much prefer the
> recently developed stack based security model used by many LP muds, where
> by default you can only do something if *every* object on the call stack
> has the permissions to do it.  You have to do extra work to be insecure.
> On MOO, you have to do extra work to be secure.  A classic mistake is to
> have function A call function B, where function A drops privs, but
> function B doesn't check who called it, so if an unpriveleged programmer
> calls function B directly, function B runs with wiz privs.

I agree, I've never been comfortable with LambdaMOO's security model. The
stack based model sounds very intelligent to me, can you elaborate on it a
bit? Are there any gotchas associated with it?

> MOO doesn't have a preprocessor.  Opinions are varied on whether this is a
> good thing or a bad thing.  Personally, I like having a preprocessor.

If you mean something to preprocess a user's input, this could be added to
the appropariate method of the base character class. (Perlmoo has a
preprocessor added in exactly this way.)

--
see shy jo



_______________________________________________
MUD-Dev maillist  -  MUD-Dev@kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev