Top Mud Sites Forum - View Single Post

camlorn · 09-27-2011, 12:33 PM

Ok, a few misconceptions about logs that need clearing up (this doesn't refer to you dentin).
All files are bytes on your hard drive. I can alter anything about it, including change histories. I have seen tools that go so far as to let you erase parts of the hard drive by byte addresses, and the windows api has a ton of functions to change last modified dates; not to mention, i've had a lot of oddities with that anyway.
If you want to be absolutely sure you're not getting fake logs, make certain things markers; if you say that any log submitted must have color codes recorded in it to be even considered as real, you can use that as a verification. Alternatively, a modification on the previously stated, make a plugin:

So, essentially, if you want players to be able to have and view logs with little chance of faking, use encryption. If you use public and private keys, you can encrypt the log with the public one and send it to the player via a plugin in your favorite mud client; there's now virtually no way for the average player to modify it. For viewing, a web interface that lets you send it to a script with the private key for decryption is an option; there's probably a security hole in this, but most players wouldn't even know what is going on. For common logs to be shared, don't use it, but it makes a way to give logs to players for archival purposes, in case they want an offline copy of any log the server's holding; in this system, the player can be responsible for keeping the log. A word of note, one of the keys has to remain private, or the whole system comes crashing down.

09-27-2011, 12:33 PM	#9
camlorn Member Join Date: Aug 2011 Posts: 144	Re: Using Logs as evidence Ok, a few misconceptions about logs that need clearing up (this doesn't refer to you dentin). All files are bytes on your hard drive. I can alter anything about it, including change histories. I have seen tools that go so far as to let you erase parts of the hard drive by byte addresses, and the windows api has a ton of functions to change last modified dates; not to mention, i've had a lot of oddities with that anyway. If you want to be absolutely sure you're not getting fake logs, make certain things markers; if you say that any log submitted must have color codes recorded in it to be even considered as real, you can use that as a verification. Alternatively, a modification on the previously stated, make a plugin: So, essentially, if you want players to be able to have and view logs with little chance of faking, use encryption. If you use public and private keys, you can encrypt the log with the public one and send it to the player via a plugin in your favorite mud client; there's now virtually no way for the average player to modify it. For viewing, a web interface that lets you send it to a script with the private key for decryption is an option; there's probably a security hole in this, but most players wouldn't even know what is going on. For common logs to be shared, don't use it, but it makes a way to give logs to players for archival purposes, in case they want an offline copy of any log the server's holding; in this system, the player can be responsible for keeping the log. A word of note, one of the keys has to remain private, or the whole system comes crashing down.