Skip to main content

security

Discworld concepts help

security

Security

This help file is intended to provide you, the reader (are you sitting comfortably? Good) with a basic insight into keeping your character secure, and hopefully prevent all but a professional attack on your account here on the Disc.

The most basic, and consequently the most important part of, security here on the Disc is your password. A basic guide to setting and choosing your password can be found in "help password". Essentially, in order for you to gain access to the MUD, you must provide it with some form of identification to get in. The first is your player name, after that, you authenticate this with your appropriately chosen password. If you keep this information safe and secure, and you choose a password known only to you, there is no reason why anyone other than you should be able to access your account.

For professional crackers, there are ways of finding this information, but that is not the kind of attack we are trying to prevent. Obviously, if you have a player name of "bing" and a password of "bing" you are just asking for someone to login using your character and start messing around with what may have taken you a lot of personal time and effort to setup.

More help with choosing an appropriate password can be found in "help password".

The next thing to consider is places where your password might be stored, where other people might gain access to it. For instance, a few MUD clients have the facility to store passwords. Some, such as zMud, allow you store it when you create a new character. If you are accessing the MUD from anything other than your own personal machine, then I would recommend NOT letting the client remember your password for you, and instead, typing it in every time. Even if you are on your home machine, I would recommend this also, as it prevents people logging in as you while you are at Uni/Work.

Tips:

Make sure you've picked a password that will be difficult to "guess", but not so difficult to remember that you forget it yourself! Don't write your password down anywhere obvious, like writing it on a piece of paper on your desk, or storing it in a text file somewhere. For someone who is actively looking to get into your account, that's just too easy to discover.

Next, browsers, here on Disc you can login to the boards from the web, and Internet Explorer will remember your password if you want it too. It's very helpful, but in a public computer room, that also means that the next person who logs in will be able to post as you. A lot of damage can be caused by one abusive post as someone else.

Also, cached information will mean that the next user on may be able to hit "back" and get into the boards that way, pre-authenticated due to the session you have just left.

In general, provided you take steps to keep your password secret. There is no reason why you should ever have to experience the horror of logging in to find that someone has cracked your account, buried all your items, and you've suddenly got an awful lot of enemies that you didn't have before. Nothing will stop a professional cracker, but at least you'll have done your bit.

Access Control

If you login from a static IP address or you know the range of dynamic IPs you login from you can use the access command to restrict the IP addresses that your characters can be logged in from. With this in place even a cracker who knows your password cannot login your character.

See also:

password, access