[vworld-tech] Modern MUD server design

Mike Shaver shaver at off.net
Thu Jan 22 14:22:41 PST 2004


On Jan 22, Brian Hook wrote:
> > However, in conjunction with the tight sandbox previously mentioned,
> > you can have scads of level developers writing masses of scripts
> > and never once worrying that one person will be introducing a show
> > stopper, or becoming a gating item for the rest.
> 
> The problem here is that you need to make sure that your language 
> actually supports both security and cycle policies, and I know that, 
> at least, Lua does not support this.
> 
> Which means it just takes one guy doing:
> 
> while true
> end
> 
> to toast the whole system =/  

This is something that the Mozilla JS engine (distinct from the njs one
featured in the GCLS page) has explicit support for, from its heritage
running possibly-hostile code from the web.  You can configure a
callback for every N cycles of script execution (backward jumps and
function returns, actually) which can then terminate the script or let
it continue, according to whatever policy.  Navigator 4 used to pop up a
dialog letting the user cancel the script, for example, and other
embeddings have used that callback along with a user-level/setjmp-based
threading system to ensure that a single script didn't monopolize the
system.

As far as security goes, there are hooks for principal checking of both
objects and scripts, which effectively delegate control to the embedding
environment.  The API is somewhat complex, due to the need to support a
fair variety of security policies, but it's served a number of embedders
quite well.

I'm deeply biased, as one of the secondary authors of the Mozilla
engine, but I know at least one MUD developer is using it to good
success.  (He can out himself if he chooses; I know he's on the list.)

Mike
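
The callback mechanism described in this message, sketched as an added example; it is not Mozilla engine code and does not use its API. The toy bytecode and the names `run`, `BranchCallback` and `budget_policy` are assumptions made for the sketch, which meters backward jumps only (the toy VM has no function calls).

```c
#include <stdio.h>

/* Toy bytecode, constructed for this example (not a real engine's format). */
enum { OP_DEC, OP_JNZ, OP_JMP, OP_HALT };
typedef struct { int op; int arg; } Insn;

/* Embedder policy hook: return nonzero to continue, 0 to terminate the script. */
typedef int (*BranchCallback)(void *policy, unsigned long branches);

typedef struct { unsigned long max_branches; int calls; } Budget;

/* Sample policy: kill any script that exceeds its backward-jump budget. */
static int budget_policy(void *p, unsigned long branches) {
    Budget *b = p;
    b->calls++;
    return branches <= b->max_branches;
}

/* Runs prog; returns 0 on normal halt, -1 if the callback terminated it. */
static int run(const Insn *prog, long counter, unsigned long every,
               BranchCallback cb, void *policy) {
    unsigned long branches = 0;   /* 'every' must be nonzero */
    for (int pc = 0;;) {
        Insn i = prog[pc];
        int next = pc + 1;
        switch (i.op) {
        case OP_DEC:  counter--; break;
        case OP_JNZ:  if (counter != 0) next = i.arg; break;
        case OP_JMP:  next = i.arg; break;
        case OP_HALT: return 0;
        }
        /* Only backward jumps can form a loop, so only they are metered. */
        if (next <= pc && ++branches % every == 0 && !cb(policy, branches))
            return -1;
        pc = next;
    }
}

/* "while true end", and a loop that counts down to zero and exits. */
static const Insn SPIN[]      = { {OP_JMP, 0} };
static const Insn COUNTDOWN[] = { {OP_DEC, 0}, {OP_JNZ, 0}, {OP_HALT, 0} };

int run_spin(void)      { Budget b = {10000, 0}; return run(SPIN, 0, 1000, budget_policy, &b); }
int run_countdown(void) { Budget b = {10000, 0}; return run(COUNTDOWN, 5000, 1000, budget_policy, &b); }

int main(void) {
    printf("spin: %d, countdown: %d\n", run_spin(), run_countdown());
    return 0;
}
```

The interpreter never decides policy itself: the embedder's callback sees the running count and can terminate, continue, or (in a real embedding) yield to a scheduler.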

