Top Mud Sites Forum - View Single Post

thelenian · 06-15-2002, 02:49 AM

The problem with this is you would need to have some kind of secure shared secret on all MUDs that implement this protocol. If all transmitted in plaintext (which I strongly suspect), this would easily allow someone to spoof you with a man-in-the-middle, or simply impersonate a trusted server... if your PTP even has trusted server authentication of some sort.

I'm assuming that, by allowing intermud clans, you also give the PTP daemon the access permissions necessary to update the pfiles. If you do, someone could easily spoof all the MUDs on your network and completely wipe your pfiles... and there would be nothing you could do about it.

Something like this is a security nightmare, and probably not quite worth the hassle.

Don't get me wrong, stuff like this is a cool in concept, but it just happens to be very difficult to translate into reality. If you're really serious about going ahead on this project, I would suggest that you change it to PTP over SSH2, at which point much of the security concerns are eliminated. Resolving the race conditions that will arise, however, is the hard part.

06-15-2002, 02:49 AM	#2
thelenian Member Join Date: Apr 2002 Posts: 122	The problem with this is you would need to have some kind of secure shared secret on all MUDs that implement this protocol. If all transmitted in plaintext (which I strongly suspect), this would easily allow someone to spoof you with a man-in-the-middle, or simply impersonate a trusted server... if your PTP even has trusted server authentication of some sort. I'm assuming that, by allowing intermud clans, you also give the PTP daemon the access permissions necessary to update the pfiles. If you do, someone could easily spoof all the MUDs on your network and completely wipe your pfiles... and there would be nothing you could do about it. Something like this is a security nightmare, and probably not quite worth the hassle. Don't get me wrong, stuff like this is a cool in concept, but it just happens to be very difficult to translate into reality. If you're really serious about going ahead on this project, I would suggest that you change it to PTP over SSH2, at which point much of the security concerns are eliminated. Resolving the race conditions that will arise, however, is the hard part.