Jump to content

Safety


Recommended Posts

Hello,

i post the following idears because on our server ( Vio Reallife ) there

were massive cheating attacks, for e.g. they modified

the clientsite files or turned it off / load their own files

to change their elementDatas.

To prevent this, 3 things would be very usefull:

1. onElementDataChange: A possibility to check who changed the ElementData, if it was a client or the console

2. A possibility to reload files clientside

3. Something to check if the files have been modified, for e.g. a total-hash of all files

Sry for my bad english...

Link to comment

Files are already locally hashed, though this isn't secure. This is why we suggest that you never trust client-side scripts - put important logic server-side, and limit what clients can do.

Link to comment

First of all, thanks for the quick reply,

i'm on it to bring up my script back to a secure level,

but to put some features like an anticheat serverside

would be very bad...

As i said, a simple onElementDataChange-Event with

the one who changed the elementData would help a lot...

Also, it would be great to get to know who triggers a Server-Side

event - these cheaters on my server used my anticheat to ban other

players...

Link to comment

I believe that events triggered using triggerServerEvent do pass the player that triggered them as a hidden argument. I can't remember what the name is though - maybe sourcePlayer or sourceClient or something?

Link to comment

i'll give it a try and write it down here, if it works -

thank you very much!

Edit:

Found this in the wiki:

client: the client that triggered the event using triggerServerEvent. Not set if the event was not triggered from a client.

Edit2:

Usefull, but i still don't have any possibility to check who changed an element Data...

Link to comment

So, don't rely on element data for syncing important things.

This isn't ideal, and I think improvements can be made here, but the basic principle is - Don't Trust The Client. Ever. It always will be too - we can't check or guarantee that the client is running legitimate code.

Link to comment

Thanks for your help,

the biggest problems are solved now -

no more Element Data and a possibility

to check who triggered an event.

Keep up the good work - 1.04 and of course

1.1 seem to be great on the first view,

can't wait to try out the features!

Link to comment
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...