Security
----------------------------------------------------------------------------

As it stands, OscliD offers a very insecure system.  Anyone with technical
knowledge, or the "roscli" utility can send commands across a local network,
or even the Internet!  OscliD offers facilities to combat this, in the form
of two lists, one called the "allow list" and one called the "deny list".
The allow list contains computers and networks who are explicity allowed
to execute commands on your computer.  The deny list contains computers and
networks who are denied access.  The allow list takes priority over the
deny list.

 The lists work like this: when a *command arrives, OscliD examines it
before executing it.  If it finds that it came from a computer covered by
something in the allow list, it executes the command regardless of what is
in the deny list.  If it finds the computer covered by something in the deny
list, it refuses to execute the command.  If the computer is not mentioned
in either list, it executes the command anyway.

 The entries stored in the allow and deny lists are *partial* IP addresses.
If the part mentioned in the list matches up with a full IP address, then
a match is found.  For example:

    * "192.168.0" would match anything with 192.168.0 on the front,
      e.g. 192.168.0.1;
    * "1" would match anything with 1 on the front, e.g. 1.3.5.3;
    * "158.152.1.65" would match *only* the computer "158.152.1.65"
      as all the nibbles have been specified;
    * "*" would match any computer.

 To add entries to the allow and deny list, use the *commands *OscliD_Allow
and *OscliD_Deny, followed the partial IP address you want to add.  (In a
future release you may be able to specify hosts and networks by name,
contained in the InetDBase:Hosts and InetDBase:Networks files.)

 So, let's say there was a "hostile" network 12.40.20, where the computers
on it were likely to send *commands designed to crash your computer.  So,
you deny all commands sent from this network, by typing

    *OscliD_Deny 12.40.20

 So no more *commands from that network will be executed on your computer.
Now, let's say that you had one "trusted friend" on this network, whose
IP address was 12.40.20.3, and you wanted to give him access.  You add
him to the allow list by typing

    *OscliD_Allow 12.40.20.3

and because the allow list takes precedence over the deny list, he (and
only he) would be allowed access, but anyone else in the network would be
denied.

 There are a few specialities -- using "*" as the IP address includes *all*
machines.  So, a typical setup would be

    *OscliD_Allow 158.152.1.3    (a trusted friend)
    *OscliD_Allow 192.168.3.5    (another trusted friend)
    *OscliD_Deny *               (everyone else can go stuff themselves)

where all computers are denied access apart from the two mentioned in
"Allow".

 Finally, if you want to see the contents of either of the allow or deny
lists, just type on its own "*OscliD_Allow" or "*OscliD_Deny".  You will
probably want to create an obey file somewhere in your boot up sequence
containing a series of Allow/Deny commands.  My file reads thus:

    | OscliD security setup
    OscliD_Allow 192.168.0
    OscliD_Deny *
