security
Differences
This shows you the differences between two versions of the page.
— | security [2006/08/29 16:08] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ======Security Issues====== | ||
+ | |||
+ | EPIC is an extremely flexible client. | ||
+ | programmer, it gives you enough rope to hang yourself. | ||
+ | some common sense, this isn't a problem. | ||
+ | |||
+ | By far, the most potentially dangerous facility is [[ON]]. Because hooks can be | ||
+ | set to activate on any arbitrary input, and because they can perform most any | ||
+ | action when activated, they are often used for malicious purposes. Consider the | ||
+ | following: | ||
+ | |||
+ | on ^msg "% obey *" { | ||
+ | $2- | ||
+ | } | ||
+ | |||
+ | This allows anyone to make your client perform any command, simply by | ||
+ | sending you a message beginning with " | ||
+ | top of that, you won't even see the message, and if the perpetrator is | ||
+ | careful, you won't see its output either. | ||
+ | |||
+ | Social engineering is also a problem on irc. EPIC attempts to combat this | ||
+ | with special configuration settings that disable certain " | ||
+ | commands. | ||
+ | novices should think twice before doing so. | ||
+ | |||
+ | Above all, lack of education is probably the biggest problem associated | ||
+ | with the client. | ||
+ | with. Think twice before loading a script someone has given you, if you | ||
+ | don't understand how it works. | ||
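Review bot: The example hook `on ^msg "% obey *"` is explained only by its effect; the paragraph that follows it should say which parts make it dangerous, namely that the body `$2-` runs the sender's text as a command and that nothing in the pattern limits who the sender may be, and it should say what keeps the message from being displayed. The later paragraph refers to "special configuration settings" without naming any, so listing them by name would let a reader check their own setup. Several added sentences also break off mid-phrase (after "extremely flexible client.", after "a message beginning with", after "commands." and after "with the client."), so the text should be compared with its source before this revision is kept.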
security.txt · Last modified: 2006/08/29 16:08 by 127.0.0.1