That sounds nice, but if he feels that security is loose enough we could be talking about the equivalence of giving someone shell access, do you really screen your builders enough to trust new builders who may still be essentially complete strangers to grant them full rights to all your code, areas, pfiles, etc? To me trust is earned over time, not given automatically because you feel that I should trust you, especially that degree of trust. :sad:

I would not hire someone I didn't trust, lol. Probably a bad policy in the long run but eh.

You could/should do this using sand-boxing too: replace all such commands with a wrapper command that checks for authorization and flags an error if there is no authorization. You would then catch that error in your normal error handler (which you want with or without sand-boxing) and mark that authorization is required.

The reason why I say that you should do it using sand-boxing is that you can't rely on, say, a text-search of the Lua code. I can construct a string one piece at a time, then evaluate it as Lua code. You wouldn't be able to find all ways of doing so. For example,

eval("o" .. "s" .. "." .. "e" .. "x" .. "i" .. "t" .. "()")

If you had sand-boxing, this wouldn't be a problem at all.

trust… heh, you don't know me do you :P in anycase, with Lua, someone could write a script that deletes my home-dir, or emails them all my stuff, its why even trust cannot be the only thing to prevent these things. pus i am a security freak, all my code is loaded for bear when it comes to security, and i am always looking for more/better ways of doing it. stops imm's from abuse and potentially stops players from expoits.

Kiasyn, I wouldn't hire someone I didn't trust either, but there are degrees of trust too. Just because I trust you enough to grant you access to the building commands on my dev port certainly doesn't mean that I also trust you enough to grant you full access to my shell. Of course, in my own case, I only give even coders access to my CVS repository.. I guess I can relate to Darien a bit, eh? :wink:

I agree with the ideas of degrees of trust; also, it's important to keep in mind that sometimes security isn't an issue of protection from malice but is sometimes an issue of preventing mistakes from having disastrous consequences. You don't necessarily want a novice programmer (or novice builder) playing with commands that can really mess up the MUD (or potentially worse, your files).

trust is the world of the wonderful, but for me, I secure everything, can't live without it, however, my career is that of security, and I was raised by a computer security professional, so that has something todo with it. But with that said, trusting builders with access to Lua is okay, solong as they aren't able to run certain things that could hurt the application. Which is why putting safeguards in = good.

And ultimatly, I don't hire coders, I do it all myself, minus the time I hired Davion, that was a good time :)