<!-- MHonArc v2.4.4 --> <!--X-Subject: Re: [MUD-Dev] Re: Issues from the digests and Wout's list --> <!--X-From-R13: pynjerapNphc.uc.pbz --> <!--X-Date: from fabius.globecomm.net [207.51.48.6] by mx5.ibm.net id 862245293.122318-1 Mon Apr 28 16:34:53 1997 --> <!--X-Message-Id: 199704281639.JAA29396#xsvr3,cup.hp.com --> <!--X-Content-Type: text/plain --> <!--X-Reference: 3360B856.167EB0E7#iname,com --> <!--X-Head-End--> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <html> <head> <title>MUD-Dev message, Re: [MUD-Dev] Re: Issues from the digests and Wout's list</title> <!-- meta name="robots" content="noindex,nofollow" --> <link rev="made" href="mailto:clawrenc#cup,hp.com"> </head> <body background="/backgrounds/paperback.gif" bgcolor="#ffffff" text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000"> <font size="+4" color="#804040"> <strong><em>MUD-Dev<br>mailing list archive</em></strong> </font> <br clear=all><hr> <!--X-Body-Begin--> <!--X-User-Header--> <!--X-User-Header-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> <H1>Re: [MUD-Dev] Re: Issues from the digests and Wout's list</H1> <HR> <!--X-Subject-Header-End--> <!--X-Head-of-Message--> <UL> <LI><em>To</em>: <A HREF="mailto:mud-dev#null,net">mud-dev#null,net</A></LI> <LI><em>Subject</em>: Re: [MUD-Dev] Re: Issues from the digests and Wout's list</LI> <LI><em>From</em>: <A HREF="mailto:clawrenc#cup,hp.com">clawrenc#cup,hp.com</A></LI> <LI><em>Date</em>: Sun, 27 Apr 97 09:14:50 -0700</LI> <LI><em>Reply-to</em>: <A HREF="mailto:claw#null,net">claw#null,net</A></LI>
</UL> <!--X-Head-of-Message-End--> <!--X-Head-Body-Sep-Begin--> <HR> <!--X-Head-Body-Sep-End--> <!--X-Body-of-Message--> <PRE>
In &lt;<A HREF="msg00223.html">3360B856.167EB0E7#iname,com</A>&gt;, on 04/25/97
   at 08:25 PM, Shawn Halpenny &lt;malachai#iname,com&gt; said:

>clawrenc#cup,hp.com wrote:

>> A key point in my game is free user programming.  While there are
>> always security questions of "real" vs "newly user programmed"
>> objects, more or less I allow any user to program any type of object
>> or feature at any time.  The security features then just ensure that
>> he can't program up a 50,000hp wet noodle to defeat the red dragon
>> (well, actually he can program such a weapon, it's just that
>> unvalidated user-programmed objects can't affect validated objects
>> (like the red dragon) in that way).

>I'd first encountered this free user programming idea when I came
>across a post of yours on the ng's.  Could you dispense a smidge of
>the fundamentals so I know what your approach is about?

Base principle:  The server shall expressly support the fact that any
user at any time can program any new object with any feature set.

Base rule:  The programming of any feature on any object shall not
require source access to any other object(s).

Caveat to principle:  The user's capabilities can be degraded, turned
off, or otherwise restricted by the admins.

The principle pretty well aligns with many MOO and Tiny-* systems.
LambdaMOO being a good case in point.  The rule however separates me
from the rest of the crowd and is a fundament of my security design.

The other trick is mixing all this with a goal oriented game.  If
Bubba is able to program up a 50,000hp mega wet noodle at a moment's
notice, how do you maintain game balance for the near-unkillable red
dragon?  I manage this end thru security.

>I've got a
>notion in mind, but I'd rather know where you're coming from before I
>make assumptions.  From what I've thought about it, I was wondering
>how "free" it can be.

Completely and utterly free.  I do *NOT* restrict what users can
program.  What I do restrict is how the objects they program can
affect their environment.

>Now you say that unvalidated user-objects
>can't affect validated objects (sensible).  Does that mean that every
>object the user programs has to be run by an admin before it is
>allowed in the game?  Or is there a set of "safe" constructs that
>anyone can use and objects using only those have no need for
>validation?

Nope.  My base security model derives from CoolMUD with a few
extensions of my own.  Essentially, every object vets its own
security.  Each individual object decides what messages it will
accept, from whom, and how or even if it will respond.  Additionally
each method on each object similarly controls and vets what messages
it will accept yada yada.

The base security APIs are accept() and reject().  Accept() takes two
arguments, the ObjectID in question (usually the originator of the
message, but can be anything), and a list of ObjectIDs.  Accept() will
raise ERR_REJECTED exception if the inheritance tree of the first
object does not intersect any of the objects listed in the second
argument.  Reject() operates identically except that the exception is
raised if the object's inheritance tree does intersect the list.

Every object has a postman() method.  The postman() method is
responsible for accept()ing or reject()ing all messages that arrive
at an object.  Many methods in their argument validation section also
have accept()/reject() statements to more finely control what objects
they will manipulate.

The other corner of the security triangle rests on the fact that a
child may only inherit from a parent if the parent allows it.  I do
not allow free inheritance.  It is up to the parent to rule whether or
not it will accept the parent.  Ditto for disinheritance.

How this impacts free user programming is that all newly created
objects auto-inherit from $NEW_OBJECT.  Nobody but an admin can remove
that inheritance ($NEW_OBJECT refuses to release the child).  Objects
can also inherit from $VALIDATED_OBJECT (again, only admins can do
this) if it's needed to create an object which is still a $NEW_OBJECT
but needs to be able to do a little more.

This makes it simple for combat code for instance to refuse messages
from $NEW_OBJECTs.  You can club the red dragon over the head all you
want with your newly programmed 50,000hp wet noodle, but the combat
code for the dragon will not allow any damage to be levied against the
dragon for each blow.  Note however that you can also program up a
mega-strong dragon of your own (also a $NEW_OBJECT) and have the above
wet noodle be very effective in killing it.

I know this is a frightful abuse of inheritance, but it seems to work.

>This is of interest for me, since I'm embedding a
>language into the world that will allow complete manipulation of all
>aspects of it, and the whole place becomes richer if anyone can come
>along and implement something cool.

Precisely.

>Security becomes the biggest
>issue, methinks, and with my language (at the moment, I intend to use
>Perl) there are a lot of nasty things users shouldn't do that are
>perfectly legal if you're an admin.

I keep looking at using a pre-existent language for my server, with
PIKE and REXX being the main candidates, but I've yet to find one I
think I could be happy with both for learning curve for new users, and
feature set.

BTW Have you looked at PerlMUD?

--
J C Lawrence                           Internet: claw#null,net
(Contractor)                           Internet: coder#ibm,net
---------------(*)               Internet: clawrenc#cup,hp.com
...Honorary Member Clan McFUD -- Teamer's Avenging Monolith...
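
Added example, not part of the original message and not code from the server it describes: a small Python model of the accept()/reject(), postman() and parent-controlled disinheritance rules laid out in the message above. The class names, the allow_release() hook, the by_admin flag and the hit-point figures are assumptions made for illustration.

```python
class ErrRejected(Exception):
    """Stands in for the ERR_REJECTED exception named in the message."""
class Obj:
    def __init__(self, name, hp=0):
        self.name, self.hp, self.parents = name, hp, []
    def tree(self):
        # Assumption: the inheritance tree is the object plus all ancestors.
        return {self}.union(*(p.tree() for p in self.parents))
    def allow_release(self, child, by_admin):
        return True  # hypothetical hook: an ordinary parent lets a child go
    def disinherit(self, parent, by_admin=False):
        # The parent, not the child, rules on disinheritance.
        if not parent.allow_release(self, by_admin):
            raise ErrRejected(parent.name + " refuses to release " + self.name)
        self.parents.remove(parent)
    def postman(self, sender, damage):
        self.hp -= damage  # default postman accepts every message
        return self.hp

class NewObjectRoot(Obj):
    def allow_release(self, child, by_admin):
        return by_admin  # only an admin can remove $NEW_OBJECT
NEW_OBJECT = NewObjectRoot("$NEW_OBJECT")

def accept(obj, allowed):
    if obj.tree().isdisjoint(allowed):     # no intersection: refuse
        raise ErrRejected(obj.name)
def reject(obj, banned):
    if not obj.tree().isdisjoint(banned):  # any intersection: refuse
        raise ErrRejected(obj.name)
def create(name, hp=0):
    obj = Obj(name, hp)
    obj.parents.append(NEW_OBJECT)  # every user-made object auto-inherits
    return obj

class ValidatedDragon(Obj):
    def postman(self, sender, damage):
        reject(sender, [NEW_OBJECT])  # combat code refuses unvalidated senders
        return super().postman(sender, damage)

def demo():
    dragon, noodle = ValidatedDragon("red dragon", 1000), create("wet noodle")
    own_dragon = create("home-made dragon", 1000)
    blocked = False
    try:
        dragon.postman(noodle, 50000)
    except ErrRejected:
        blocked = True
    return blocked, dragon.hp, own_dragon.postman(noodle, 50000)
```

demo() returns whether the validated dragon refused the blow, its untouched hit points, and the hit points of the user-made dragon after the same blow.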
</PRE> <!--X-Body-of-Message-End--> <!--X-MsgBody-End--> <hr> </body> </html>