Security System

Something I postponed a bit in the development cycle is the security system. The original PCBoard system mostly used the security level to check if something is allowed or not. For some commands let's say the page sysop 'o' there were special flags like start/stop times.

This is very easy to set up but has limits. For example it's not possbile that I want to be paged from 09:00-17:00 but only weekdays or let's say Wednesday only to 12:00.

Remote access solved that with adding DOW page start/stop times:

Remote Access Page Sysop hours

 And RA had something like user flags, minimum age options:

Remote Access Message Area Flags

The flags system gives the opportunity to give access with another system than the security level. This is useful for let's say to give access to a hidden file area. Let's say "source codes" and use the security level for access to certain commands for the BBS. This gives more flexibility than modelling the access just with the security level. 

The question is what should be done in icy board in this area?  There is a trade-off between easyness to set up and the flexibility the system offers. I did choose the more flexible system because I think this is more in the spirit of PCBoard. 

And the most flexible system are expressions. I made an expression subsystem that's close to PPL for checking the security.

Let's say I want to check for minimum security of 50 the expression would be:

U_SEC() >= 50

Or the Page Sysop Times from above would be:

 00:00 <= TIME() && TIME() <= 23:59

 The downside is that the expression string can become quite large, for example to page only weekdays the DOW needs to be checked: 

 (00:00 <= TIME() && TIME() <= 23:59) && DOW() > 1

 The DOW() and here the issues begin - you need to know how the DOW function works. It starts from Sunday == 0 - which is how the PPL DOW function works. But icy_board needs to have an expression editor for its config tool at some point to make it easier to discover & describe functions.

Working with Access is surely one of the higher level features of a BBS system and the approach I chose is something for software developers, but as said I value flexibility over easiness. Any thoughts?

Flags

I wanted something like the flag system back when I switched from RA to PCboard. My understanding of security level was to use that for setting up/dl limits, time limits etc. and using flags for access.

IcyBoard wont have flags because there is something better: Groups. UNIX is using groups for solving exactly this problem. The icy board groups file therefore looks like the UNIX groups file:
 
sysop:System Operators: SYSOP
users:Common Users: Mega Uploader, Leecher, Cool Guy, Hackbert
hidden_area:: SYSOP, Mega Uploader

Each group just has a name, description and comma separated list of the user name of the members. Nothing else.

If you want to give access to let's say only sysops the expression would just be:

 GROUP("SYSOP")

I think this is more handable than the flags system which Remote Access used.

Open question is if the Groups file should contain the list of users like Unix does or if the Users should have a list in which groups they are member of. Doesn't matter that much but in the latter case it's easier to delete a user. But in the group file it's easier give an overview of the members of the groups - however the list can become quite large.

Any input on that? For the config tools it doesn't matter much - it's just when using an text editor for altering the config files where it really matters.

Comments

Post a Comment

Popular posts from this blog

Icy Board Menu System

Image
PCBoard had a built in menu system - there were several hooks where a .mnu file could be used instead of a display file or .ppe. IcyBoard will support custom menus as well the .mnu files get translated to icyboard menu files and there is an editor "mkicbmnu" to edit them. MKICBMNU    The original one: MKPCBMNU The general idea a menu system like RemoteAccess/MysticBBS. The original menus supported hot keys and commands. IcyBoard menus will add lightbars on top of these.  The commands are more complex than the original PCBoard commands, therefore the setup is a bit different. And has two parts - a command list: Command list And a setup screen where the command can be set up: Setup screen For lightbars the commands need to display a selected/non selected text. For the other types display & highlight text can be empty. Each command has an action list attached these actions can run on selection or activation.  This command has 3 actions - gotoxy & print text whic...
Read more

Configuration tools

One thing I wanted to have for Icy Board are console configuration tools. PCBoard was a complex system so it did split up configuration in several parts.  So does IcyBoard. This blog post gives an overview of the various tools. mkicbmnu For creating & changing menu files - I've used that in the demo of the menu system.  mkicbtxt   This one is used for changing the BBS display strings. Every string the BBS displays is stored in a icbtxt.toml file (or pcbtxt). IcyBoard usually uses the .toml format so it's possible to use an ordinary text editor for everything.  However I prefer config tools :).Note: mkicbtxt can be used to change PCBTXT files as well. It doesn't alter the format. icbsetup Icbsetup is the main configuration utility. All BBS options, conferences, file & message areas can be configured with this tool. IcyBoard inherits a complex structure from PCBoard to work with and ads some more options on the pile. The main file is "icyboard.toml" whic...
Read more

File Processing

The file handling won't be much different than that from PCBoard. However I need to research the PPEs for a final decision :). Internally it'll be different. PCBoard works basically just with a text file. IcyBoard will have a more database like approach. I want to provide a file scanner/repacker to work with file bases. It should support the most common formats out of the box. I want to provide as much code in Rust as possible which is a problem in that area. That's why I've begun working on compression algorithms. I ported zip compression methods Shrink, Reduce and Implode to zip-rs (excellent blog post about these methods are here: https://www.hanshq.net/zip2.html). I've implemented an ARJ decompressor and started working on ARC. There seems to be a working RAR library that I can just use as well as LZH/LHA. So it'll support 7Z, ZIP, ARJ, RAR, LHA/Z and ARC out of the box. The rest needs to be done with external packers. If you think that I need to support ano...
Read more