Page 2 of 2
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 27 Aug 2009, 18:30
by TradeMark
SirMaverick wrote:Wombat wrote:nope, its not fixed yet, its still possible to take com by specs ^^
Fixed in Spring. Needs lobby support.
wait... how it is fixed if different lobbies can still use this exploit?
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 27 Aug 2009, 18:43
by SirMaverick
TradeMark wrote:SirMaverick wrote:
Fixed in Spring. Needs lobby support.
wait... how it is fixed if different lobbies can still use this exploit?
I didn't say the issue is fixed. I said it's fixed in Spring. The mechanism to solve it are there.
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 27 Aug 2009, 18:55
by SirMaverick
lurker wrote:It does need lobby support, not just using the rules table? Okay then. I'll commit to putting in the rather simple server support within 24 hours of any lobby being ready for it. If you want it first then you tell me exactly what data to send in what format and you'll get that, too. We need this to get done.
Doesn't that need a general update of all lobbies and autohosts?
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 27 Aug 2009, 19:12
by lurker
no
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 27 Aug 2009, 23:19
by SirMaverick
lurker wrote:no
Then how does this work? Who distributes the passwords?
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 27 Aug 2009, 23:52
by Auswaschbar
SirMaverick wrote:lurker wrote:no
Then how does this work? Who distributes the passwords?
My idea was:
A client joins a game, generates temporary password, and sends it secretly to the host. The host then fills the password in the script.txt, and voila, all lobbies who support it have password protected join (when the host supports it, too).
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 28 Aug 2009, 00:02
by BrainDamage
client side sends: SENDJOINTOKEN password\n
host side recieves: JOINTOKEN username password\n
i can implement it in a couple mins
Re: [Solved (in 0.80) ] Hacking : taking control of a player
Posted: 28 Aug 2009, 01:03
by lurker
Followup: We're probably going with
SETCLIENTSCRIPTTAGS password=blah
CLIENTSCRIPTTAGS [name] password=blah