[Home] [Downloads] [Search] [Help/forum]

Gammon Software Solutions forum

See www.mushclient.com/spam for dealing with forum spam. Please read the MUSHclient FAQ!

[Folder]  Entire forum
-> [Folder]  MUSHclient
. -> [Folder]  Suggestions
. . -> [Subject]  Enable/disable plugins through the plugin menu
Home  |  Users  |  Search  |  FAQ
Username:
Register forum user name
Password:
Forgotten password?
(New message)
Subject: Enable/disable plugins through the plugin menu
Name:
Your forum user name.
Register forum user name
Password:
Your forum password.
Forgotten password?
Message:
Message to be posted (in English, please)
Maximum of 6000 characters. Text only please, no HTML.
Forum codes:
Check this if your message uses 'forum codes' or templates (auto-detected for new posts).
Forum codes Templates

Save this message ...


Subject review (reverse sequence)

Pages: 1 2  

Posted by Nick Gammon   Australia  (19,342 posts)  [Biography] bio   Forum Administrator
Date Thu 07 Jun 2007 09:11 PM (UTC)  quote  ]
Message
These "program lock" plugins - to be used during a quick absence - seem to me to be unnecessary, because under Windows XP you just hit Windows_key+L to instantly return you to the login screen. Under NT you press Ctrl+Alt+Del and hit "Lock Workstation".

Then you need to re-enter the account password before you can continue the session. Meanwhile in the background MUSHclient is still receiving data and processing it normally.

I suppose this won't work in a shared environment where everyone knows the password - although it would surprise me a bit if playing MUDs was allowed there. In that case, as someone said, you can just log out.

Another alternative for more security is to create a TrueCrypt volume:

http://www.truecrypt.org/

This can just be a file on disk. By running MUSHclient off such a volume your logs, player passwords etc., are all encrypted and safe from viewing - once you dismount the volume that is.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

Posted by Shaun Biggs   USA  (644 posts)  [Biography] bio
Date Thu 07 Jun 2007 07:50 PM (UTC)  quote  ]
Message
So you get disconnected from the world with the client lock plugin if someone tries to diable it... big deal. You obviously weren't using it at the moment anyway. Find the dragon sized hole in that...

Personally, I think you're just going about making mountains out of molehills here. Disconnecting you from your world will let people use the computer, but not muck about with your character. All your triggers/timers will still keep running until someone tries tampering with MUSHclient. They cannot log back in unless you have an autologin set or if they know your password (which means they can just connect with telnet and you're screwed anyway). All the problems you mentioned are solved with that one simple script setup.

It is much easier to fight for one's ideals than to live up to them.
[Go to top] top

Posted by Shadowfyr   USA  (1,775 posts)  [Biography] bio
Date Thu 07 Jun 2007 06:43 PM (UTC)  quote  ]
Message
Sigh. Shaun, I am thinking in terms of what happens *if* you planned on only being afk for 2-3 minutes, but that turned into longer. Sure, you can lock the entire fracking computer, but maybe that **isn't** what someone wants to do. They might want it to be possible for someone to use the computer *but* also keep the client locked, in which case, you are right back to the same problem. You can't lock it, unless you are willing to risk someone getting around it, by deleting the plugin, or by freezing the client for a period of time you "can't" be 100% sure will only be a few minutes.

Sorry for being the sort of person that looks at all angles of a problem and recognizes when there are dragon sized holes in them. lol Its just the way I think.

main {
__if (Schrodinger_Cat is Alive or version >= "XP"){
____if version = "Vista" then Performance /= Number_of_Cores;
____call Functional_Code();}
__else
____call Crash_Windows();}
[Go to top] top

Posted by Shaun Biggs   USA  (644 posts)  [Biography] bio
Date Thu 07 Jun 2007 05:59 PM (UTC)  quote  ]

Amended on Thu 07 Jun 2007 06:00 PM (UTC) by Shaun Biggs

Message
Quote:
Now, if you want a *real* lock system, you also wanted to let the client still do "most" things, *but* you don't want secure plugins, then one solution would be to add something like:

I think the best solution would be to have a plugin like Cage_Fire_2000 had mentioned having. If the world plugin is disabled, you can have it disconnect from the world. If you want to get really insane with all those extra client locking issues, just get a screen locking program like xlock.

Quote:
Again, this doesn't require that the plugin be secured at all, but it **does** prevent the client from locking up for 2-3 hours you are AFK, when we really can't be sure what the client or the connection will do if the client isn't able to do anything at all, since the script, using a normal dialog, is going to be frozen. Which, as I said, is imho, a bad idea.

If you are that concerned about what is going on with your client while you are gone for several hours, there is an even easier solution... close MUSHclient! I'm sure your game can get along fine without you being logged in 24/7 if it's a security issue. Setting a lock up if you, for example, are mudding from a computer lab at a university and have to run to the bathroom real quick is realistic. Being secure on your own computer should be a lot easier since you can just use other options like screen locking. WindowsXP even lets you switch out sessions where you can have programs running in the background... set up a guest account and swap into that if someone wants to use your computer.

The plugins work fine as is with the OnPluginDisable routine built in to disconnect your character. The only thing that will defeat this is being able to reconnect with an autologin, which isn't secure to begin with.

It is much easier to fight for one's ideals than to live up to them.
[Go to top] top

Posted by Cage_fire_2000   USA  (119 posts)  [Biography] bio
Date Thu 07 Jun 2007 01:25 AM (UTC)  quote  ]
Message
OK, forget the script encoder, it doesn't work except for webpages viewed in IE.
[Go to top] top

Posted by Shadowfyr   USA  (1,775 posts)  [Biography] bio
Date Thu 07 Jun 2007 12:59 AM (UTC)  quote  ]

Amended on Thu 07 Jun 2007 01:01 AM (UTC) by Shadowfyr

Message
Ah. But powering off the PC would also disconnect the world, as would closing the client, or forcing it to close, if it was locked up. But, as someone else mentioned, it may be possible to "freeze" the client, in a sense, by popping open a dialog in scripting.

Mind you, I don't think that is necessarily a good solution, since it would halt everything in the client, including display or processing of other text from the mud. And what happens if you are gone so long that the buffered input from there fills up the buffer available? You need something that can lock it *without* freezing the rest of the application, so you can leave it indefinitely, not for 2-3 minutes, while you hope too much text doesn't arrive from the other end. Having the script suspend things doesn't sound like that great of an idea imho. But that brings us back to the prior issue.

Now, if you want a *real* lock system, you also wanted to let the client still do "most" things, *but* you don't want secure plugins, then one solution would be to add something like:

world.requestpass(password_hash)

The plugin doesn't need to be secure, since all its doing is:

sub lock_me
  if mypass = "" then
    do
      temppass = messagebox("Lock code:")
    loop until temppass <> ""
    mypass = hash(temppass)
  end if
  requestpass("Unlock code:", mypass)
end sub

sub OnPluginPass(bool)
  if bool then
    exit sub
  else
    requestpass("Invalid Code!/n/nUnlock code:", mypass)
  end if
end sub


Note, this has sanity checks in it, to make sure that a password of *at least* one character is entered. It could be changed so that hitting enter would instead do "exit sub", thus bypassing the lock system. The reason for using a callback, instead of treating the password dialog, which would return a boolean directly is to "prevent" client locking in the script. Each call to the password request would exit the script *after* the dialog displays, thus the script and everything else can still work, even while input from the user is "locked" to the top level dialog.

Again, this doesn't require that the plugin be secured at all, but it **does** prevent the client from locking up for 2-3 hours you are AFK, when we really can't be sure what the client or the connection will do if the client isn't able to do anything at all, since the script, using a normal dialog, is going to be frozen. Which, as I said, is imho, a bad idea.

main {
__if (Schrodinger_Cat is Alive or version >= "XP"){
____if version = "Vista" then Performance /= Number_of_Cores;
____call Functional_Code();}
__else
____call Crash_Windows();}
[Go to top] top

Posted by Cage_fire_2000   USA  (119 posts)  [Biography] bio
Date Thu 07 Jun 2007 12:37 AM (UTC)  quote  ]
Message
If you really want to encrypt it, there's the microsoft script encoder tool, I found it when I was browsing downloads.

I think this is it.
http://www.microsoft.com/downloads/details.aspx?FamilyID=e7877f67-c447-4873-b1b0-21f0626a6329&DisplayLang=en

I haven't tried it, but it sounds like what you want.
[Go to top] top

Posted by Nick Gammon   Australia  (19,342 posts)  [Biography] bio   Forum Administrator
Date Wed 06 Jun 2007 07:29 AM (UTC)  quote  ]
Message
Quote:

If you really want to get picky about disabling plugins, just have a no_disable option (defaulting to "n") for the plugins which would stop the EnablePlugin function from working ...


A quick browse of the source shows that it should be possible to make an OnPluginDisable function, and in it, re-enable itself.

That way, the plugin can't be disabled. They can close it, yes. For that matter they can power the PC off.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

Posted by Cage_fire_2000   USA  (119 posts)  [Biography] bio
Date Tue 05 Jun 2007 11:51 PM (UTC)  quote  ]

Amended on Tue 05 Jun 2007 11:56 PM (UTC) by Cage_fire_2000

Message
Wow, they already exist. I must've missed them when I was browsing the help file... I guess I'll have to add those to my ClientLock plugin... As for the whole stopping a plugin from unloading thing, I agree, it's insane. I can't think of any situations where you'd need to do that. In the case of my ClientLock plugin, disconnecting the world is secure enough as long as you don't save your username and password in the autoconnect screen. For any other purposes you could just say don't stop the plugin in the middle of such and such an action in the help file, that's what it's for.

My ClientLock plugin is secure enough I think. It stores the password in a local variable and not with SetVariable, so it can't be gotten with GetPluginVariable, it doesn't log the commands where the password is entered so it can't be found that way. I don't want it impossible for them to uninstall or disable my plugin, in case they forget their password, but if they do, I disconnect because only they should know the password to their character, if somebody else knows the password it defeats the purpose of the clientlock, because they could always connect from another computer or start another instance of MUSHclient or something. Encryption is silly since one of the good things about plugins is that other people can look to see how they're done and they can make their own.
[Go to top] top

Posted by Shaun Biggs   USA  (644 posts)  [Biography] bio
Date Tue 05 Jun 2007 11:33 PM (UTC)  quote  ]
Message
Quote:
As it is, with something like a client lock, preventing it from being "disabled" is useless, if you can't safeguard against them simply deleting it entirely.

The post RIGHT before that:
Quote:
If you really want to get picky about disabling plugins, just have a no_disable option (defaulting to "n") for the plugins which would stop the EnablePlugin function from working, and you would have to uninstall the plugin, tripping the OnPluginClose function.

The SECOND post of the thread:
Quote:
If you're going to do that, you may or may not want to add OnPluginEnable and OnPluginDisable callbacks, I'm not sure if OnPluginInstall and OnPluginClose handle those events. To stop external programs or something, or in the case of my ClientLock plugin, to disconnect the world if somebody tries to circumvent the lock by disabling the plugin.


Now people can't mess with your character while you are gone. If you want everything to be really locked down, just pop open a utils.inputbox which will require a password to be entered before closing, which will disable and access to any plugin menus, but it will also halt a good deal of the program while the script is running, so you won't get any updates on the screen. The password could even be set per lock this way, so there is no chance of people grabbing it, even without encrypting the data... just wipe the variable afterwards.

It is much easier to fight for one's ideals than to live up to them.
[Go to top] top

Posted by Nick Gammon   Australia  (19,342 posts)  [Biography] bio   Forum Administrator
Date Tue 05 Jun 2007 11:00 PM (UTC)  quote  ]
Message
Quote:

Could a button or two be added to toggle a plugin enabled or disabled? And perhaps a little flag on the far right part of the list showing if the plugin is enabled too.


That is now implemented in version 4.08.

- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

Posted by Nick Gammon   Australia  (19,342 posts)  [Biography] bio   Forum Administrator
Date Tue 05 Jun 2007 11:00 PM (UTC)  quote  ]
Message
Quote:

If you want to make a plugin secure ...


I don't, to be honest. As you say, you can always edit the plugin externally, so I think this is unnecessary extra complication.



- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

Posted by Nick Gammon   Australia  (19,342 posts)  [Biography] bio   Forum Administrator
Date Tue 05 Jun 2007 10:53 PM (UTC)  quote  ]
Message
Quote:

If you're going to do that, you may or may not want to add OnPluginEnable and OnPluginDisable callbacks ...


They already exist.

See:

http://www.gammon.com.au/scripts/doc.php?general=plugin_callbacks

- Nick Gammon

www.gammon.com.au, www.mushclient.com
[Go to top] top

Posted by David Haley   USA  (3,881 posts)  [Biography] bio   Moderator
Date Tue 05 Jun 2007 09:23 PM (UTC)  quote  ]
Message
I'm not sure why I would want to install a plugin that would have password protections against removing it...?

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone

http://david.the-haleys.org
[Go to top] top

Posted by Tsunami   USA  (204 posts)  [Biography] bio
Date Tue 05 Jun 2007 06:41 PM (UTC)  quote  ]
Message
I can't see why you think plugins need to be secure at all, or even should be, given that they are insecure and untrusted by their very nature. Users should be able to remove/uninstall/disable a plugin at any time no matter what its doing.
[Go to top] top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.


8,667 views.

This is page 1, subject is 2 pages long: 1 2  [Next page]

[New subject]  Start a new subject   [Refresh] Refresh page

Go to topic:           Search the forum


[Go to top] top

[Home]

Written by Nick Gammon - 5K

Comments to: Gammon Software support
[RH click to get RSS URL] Forum RSS feed ( http://www.gammon.com.au/rss/forum.xml )

[Best viewed with any browser - 2K]    [Internet Contents Rating Association (ICRA) - 2K]    [Web site powered by FutureQuest.Net]