MOO-cows Mailing List Archive
[Prev][Next][Index][Thread]
well here's the spawn of my algorithm.
-
Date: Sat, 9 Nov 1996 12:19:58 PST
-
From: John Leone <john@rdz.stjohns.edu>
-
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
I know this has been done before somewhere. Many thanks for the url, I
received that I have yet to check out.
I joined the Pueblo mailing list, and have addressed my Pueblo questions
there. I have even visited a MUD and had fun(chuckle). You know I
always knew we were based on MUD's, but had never been on one.
In any event this is my algorithm for the java based MOO client.
Have java open a winsock to the client. Send login and password. Then
send a command string like @java on. This modifies look_self to add an
ecoded url to the look self. the encoding will be something simple like
(*&)http:... When the jave client receives these strings, it doesn't
send them to the screen, rather, tells the other window to go to the
specified url.
The reason for the algorithm is no server hacking, it can all be done in
MOO. I have started some experiments with server hacking, but they have
thus far been minimal and not too my liking. Reading the mostly
undocumented server is daunting, modifying it is tentative, then you got
to compile the bloody thing, and then put up the moo and do guesswork on
tracking down the bug. I've taken this to no art form.
The initial security glitch, is one of people accessing
;#207:tell("(*&)http://nudebabes_on_ice.html") however this can be
traced @check and @paranoid, just like any other spam. Could modify tell
and notify to check for the string, but I don't think it's worth it since
we have a very tame educational based community.
If you really wanted to get fancy, you could have a list of approved
sites.
Another snafu which is also a good thing, is security in java only allows
you to telnet to the site with the url. So, if there is to be a server,
that serves other sites, you have to work around that. But this prevents
things like the program opening another socket, and sending your username
and password to a file somewhere. But if someone was a hack, they could
send your username and password to the host system via a server, and then
have that server send it anywhere. So the bottom line, anytime you use
one of these clients for MOO/MUD or whatnot, your username and password
are insecure. I can't see anyone going to so much trouble to get the moo
username and password of anything, but once you add a layer security is
compromised.
In any event, thanks for the replies.
Happy Surfing,
John.
john@GrassRootsMOO rdz.stjohns.edu 8888
john@rdz.stjohns.edu
Home |
Subject Index |
Thread Index