Results 1 to 10 of 10

Thread: Add server-side validation to any potentially blocked permission.

  1. #1

    Add server-side validation to any potentially blocked permission.

    It's getting pretty tiring having script kiddies joining to gizmo or delete stuff and break tables.

    Everything should be validated on the host. Never trust the client, this is networking 101.

  2. #2
    Quote Originally Posted by my_hat_stinks View Post
    Everything should be validated on the host. Never trust the client, this is networking 101.
    Yeah, it should. There's no reason this shouldn't have been done right the first time. I've had my tables griefed numerous times, and while my table isnt' the exact use-case of TTS, it's pretty common-place now to see 24/7 tables running, but when the permissions that the table owner sets are completely useless against 2 simple changes in a .dll, which would never have been possible if TTS dll's were signed, it's extremely frustrating.

    This is a major issue and affects everyone who plays TTS.

  3. #3
    The developers were happy to threaten a hardware ban on me, but not actually go through with it. I told that same developer exactly what I did to create the exploit, at the time. Now there's a bit more to it and signing the dll won't fix everything. There should be a game update coming this month, judging their previous update timing. Hopefully they have made progress on this.

    Edit: Also a heads up that another game website, TownOfSalem, was breached because they were using outdated forum software and insecure links, similar to this forum.

  4. #4
    Quote Originally Posted by Cody View Post
    The developers were happy to threaten a hardware ban on me, but not actually go through with it. I told that same developer exactly what I did to create the exploit, at the time. Now there's a bit more to it and signing the dll won't fix everything. There should be a game update coming this month, judging their previous update timing. Hopefully they have made progress on this.

    Edit: Also a heads up that another game website, TownOfSalem, was breached because they were using outdated forum software and insecure links, similar to this forum.
    Yeah, after you delete my save bag with all of my players progress, this needs to be fixed. No reason for this to even be possible.

  5. #5
    Bump.

    I'm confused as to why there's not even been an acknowledgement of this issue. It's not exactly minor.

  6. #6
    Bump.

    This is still a major issue.


  7. #7
    Bump.

  8. #8
    Join Date
    Feb 2017
    Posts
    178
    It's coming in the next patch. Knil said that in the discord a few days ago.

  9. #9
    Bump. Still an issue, https://steamcommunity.com/profiles/76561198053203324 joined my table today and was taking actions as Black while they were spectating. Can't even protect things with Lua when there's no validation in the game itself.

    @FoaS Maybe if they bothered responding on the "official" forums every now and then people would be less pissed off at their complete lack of action for nearly three months. And that's assuming they only found out with this thread, not the months beforehand that every other host encountered it.

  10. #10
    Join Date
    Jan 2014
    Posts
    986
    This did improve a lot when we rewrote our networking code before but there are still functions we forgot to add certain checks to. If there is anything else left we have missed feel to let me know and I’ll get them in the next update!

Similar Threads

  1. Replies: 5
    Last Post: 06-16-2018, 02:42 AM
  2. Permission Error Atom Cant save more than one time
    By auoryus in forum Scripting Bug Reports
    Replies: 2
    Last Post: 03-31-2018, 10:18 AM
  3. Copy/Paste as Host enabled/disabled permission
    By Intigracy in forum Suggestions
    Replies: 0
    Last Post: 02-03-2017, 09:52 PM
  4. Pastebin blocked by ISP
    By Drend in forum General Discussion
    Replies: 5
    Last Post: 06-14-2016, 05:23 AM
  5. Replies: 1
    Last Post: 01-24-2016, 03:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •