JackZipper Posted May 29, 2010 Posted May 29, 2010 Hello, i post the following idears because on our server ( Vio Reallife ) there were massive cheating attacks, for e.g. they modified the clientsite files or turned it off / load their own files to change their elementDatas. To prevent this, 3 things would be very usefull: 1. onElementDataChange: A possibility to check who changed the ElementData, if it was a client or the console 2. A possibility to reload files clientside 3. Something to check if the files have been modified, for e.g. a total-hash of all files Sry for my bad english...
eAi Posted May 29, 2010 Posted May 29, 2010 Files are already locally hashed, though this isn't secure. This is why we suggest that you never trust client-side scripts - put important logic server-side, and limit what clients can do.
JackZipper Posted May 30, 2010 Author Posted May 30, 2010 First of all, thanks for the quick reply, i'm on it to bring up my script back to a secure level, but to put some features like an anticheat serverside would be very bad... As i said, a simple onElementDataChange-Event with the one who changed the elementData would help a lot... Also, it would be great to get to know who triggers a Server-Side event - these cheaters on my server used my anticheat to ban other players...
eAi Posted May 30, 2010 Posted May 30, 2010 I believe that events triggered using triggerServerEvent do pass the player that triggered them as a hidden argument. I can't remember what the name is though - maybe sourcePlayer or sourceClient or something?
JackZipper Posted May 30, 2010 Author Posted May 30, 2010 i'll give it a try and write it down here, if it works - thank you very much! Edit: Found this in the wiki: client: the client that triggered the event using triggerServerEvent. Not set if the event was not triggered from a client. Edit2: Usefull, but i still don't have any possibility to check who changed an element Data...
eAi Posted May 30, 2010 Posted May 30, 2010 So, don't rely on element data for syncing important things. This isn't ideal, and I think improvements can be made here, but the basic principle is - Don't Trust The Client. Ever. It always will be too - we can't check or guarantee that the client is running legitimate code.
JackZipper Posted May 30, 2010 Author Posted May 30, 2010 Thanks for your help, the biggest problems are solved now - no more Element Data and a possibility to check who triggered an event. Keep up the good work - 1.04 and of course 1.1 seem to be great on the first view, can't wait to try out the features!
darkdreamingdan Posted May 30, 2010 Posted May 30, 2010 onElementDataChange passes a 'client' variable which says who modified the element data, as of 1.0.4. You can safely upgrade your server to a nightly to take advantage of this.
Recommended Posts