At 10:34 AM +0000 12/7/04, Neil Fraser wrote:
Garance A Drosihn wrote:
One thing I'd like to put into our snapshot of MOO are the
changes for 'waifs', that Ben had done.
Be careful with WAIFs. They constitute a severe and virtually
unfixable security risk when used on an existing DB. Legacy
code is not accustomed to dealing with this value type.
It took me half an hour to hack a wizbit on Moo Canada when WAIFs
were installed there.
WAIFs might be cool if you're building a Moo database from scratch,
but I definitely don't recommend inserting them into an existing
database.
Interesting.
Well, in our case all the MOO-code is written by "us" (the admins),
and not the end-users. The end users are just sending messages to
each other, and to discussions (which are groups of users). So, I
don't think waifs will be as much of an exposure for us.
Still, that does probably mean that if some new MOO code were to
arise, it should make the waifs-capability as optional. Something
someone would have to explicitly turn on, perhaps.
--
Garance Alistair Drosehn = [EMAIL PROTECTED]
Senior Systems Programmer or [EMAIL PROTECTED]
Rensselaer Polytechnic Institute or [EMAIL PROTECTED]
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
