[MUD-Dev] Scripting languages

Mark 'Kamikaze' Hughes kamikaze at kuoi.asui.uidaho.edu
Mon Jun 30 22:07:34 New Zealand Standard Time 2003

Mon, Jun 30, 2003 at 11:39:06AM -0600 in
<BF6C3010-AB21-11D7-B4CF-0003938094E8 at bearnip.com>, Lars Duening
<lars at bearnip.com> spake:
> On Sunday, June 29, 2003, at 04:11 AM, Mark 'Kamikaze' Hughes wrote:

>> There are security and malware questions in using *any*
>> general-purpose programming language for scripting; if you can't
>> violate security or create an infinite loop within the language
>> proper, you can overrun buffers, or find some other abuse.  There
>> have been known security holes in Lua, as well.  And on the
>> gripping hand, it doesn't matter, because the only people you'll
>> normally allow to write full scripting code *are* trusted admins.
>> The MUDs where this is not the case are fairly unusual, and
>> already have their own scripting languages.

> Which of course is another reason as to why a Mud authors might
> want to implement their own scripting languages (and I wouldn't
> call the LP/MOO muds 'unusual').

All of the LPMuds I've played on only allowed wizards to edit
anything.  I've played on, I think, only two MOOs; and one allowed
universal editing but had a closed and trusted userbase, the other
only let admins edit.  All of those were fairly "normal"--they
weren't too dissimilar from the Dikus and Circles I mainly used to
play.  The few times I've tried MUSHes, it was chaos; it certainly
wasn't the same kind of experience as other MUDs.  That counts as
"unusual" in my book.

If you don't trust someone, my first instinct is to not give them
scripting access.  If you do give them scripting access, they can
break your system if they so choose.  Making a custom language won't
stop that.  Only social solutions will work.

 <a href="http://kuoi.asui.uidaho.edu/~kamikaze/"> Mark Hughes </a>
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list