[Home] [Groups] - Message: [Prev in Group] [Next in Group]
11808: Re: [MUD-Dev] about MOO
[Full Header] [Plain Text]
From: Joey Hess <joey@kitenet.net>
Newsgroups: nu.kanga.list.mud-dev
Date: Fri, 19 Nov 1999 14:08:54 -0800
References: [1] [2] <-newest
Organization: Kanga.Nu
Andru Luvisi wrote:
[ Seveal interesting problems of MOO. ]
> Moo doesn't have any builtin mapping/associative array/hash table type.
<plug>Though perlmoo does.</plug>
> All verbs (aka functions) run with the permissions of their owner unless
> the owner is a wizard and the function changes it's permissions. This is
> like having *all* programs you ever write be setuid. I much prefer the
> recently developed stack based security model used by many LP muds, where
> by default you can only do something if *every* object on the call stack
> has the permissions to do it. You have to do extra work to be insecure.
> On MOO, you have to do extra work to be secure. A classic mistake is to
> have function A call function B, where function A drops privs, but
> function B doesn't check who called it, so if an unpriveleged programmer
> calls function B directly, function B runs with wiz privs.
I agree, I've never been comfortable with LambdaMOO's security model. The
stack based model sounds very intelligent to me, can you elaborate on it a
bit? Are there any gotchas associated with it?
> MOO doesn't have a preprocessor. Opinions are varied on whether this is a
> good thing or a bad thing. Personally, I like having a preprocessor.
If you mean something to preprocess a user's input, this could be added to
the appropariate method of the base character class. (Perlmoo has a
preprocessor added in exactly this way.)
--
see shy jo
_______________________________________________
MUD-Dev maillist - MUD-Dev@kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev