[Solved (in 0.80) ] Hacking : taking control of a player

[TradeMark]

nope, its not fixed yet, its still possible to take com by specs ^^

Fixed in Spring. Needs lobby support.

wait... how it is fixed if different lobbies can still use this exploit?

[SirMaverick]

Fixed in Spring. Needs lobby support.

wait... how it is fixed if different lobbies can still use this exploit?

I didn't say the issue is fixed. I said it's fixed in Spring. The mechanism to solve it are there.

[SirMaverick]

It does need lobby support, not just using the rules table? Okay then. I'll commit to putting in the rather simple server support within 24 hours of any lobby being ready for it. If you want it first then you tell me exactly what data to send in what format and you'll get that, too. We need this to get done.

Doesn't that need a general update of all lobbies and autohosts?

[lurker]

no

[SirMaverick]

no

Then how does this work? Who distributes the passwords?

[Auswaschbar]

no

Then how does this work? Who distributes the passwords?

My idea was:
A client joins a game, generates temporary password, and sends it secretly to the host. The host then fills the password in the script.txt, and voila, all lobbies who support it have password protected join (when the host supports it, too).

[BrainDamage]

client side sends: SENDJOINTOKEN password\n
host side recieves: JOINTOKEN username password\n

i can implement it in a couple mins

[lurker]

Followup: We're probably going with
SETCLIENTSCRIPTTAGS password=blah
CLIENTSCRIPTTAGS [name] password=blah