Quote Originally Posted by 'Blubber',index.php?page=Thread&postID=56976#post5 6976
Is it possible to use LibRpc to allow or disallow a third client via libtrust, in other words, can I use LibRpc to remotely manipulate libtrust? If so, it might be a bit of a security concern. (Could just read the code, but asking is more fun :]).
Oops, missed one! Yeah, you could manipulate the LibTrust settings remotely via LibRpc, but only if you have sufficient permissions. If you just do "/trust allow <main>" on your clones then you've granted full trust. At that point the main can already run whatever remote API he wants, so there's no point in trying to hack the LibTrust settings.

You could also enable finer-grained security settings: "/trust allow <main> <api>" or "/trust deny <main> <api>". If you only allow the specific APIs that you need then you probably could lock down things enough that it wouldn't be possible to manipulate the trust settings remotely. You'd have to be careful though because LUA provides ways to create and run code on the fly. On the whole I think that trying to lock things down beyond which chars you trust is probably overkill.