• Avoiding creating scripts with exploits?
I'm currently working on a script, except I'm scared of creating dumb and simple exploits that people will find and use. How can I avoid creating exploits? Thanks
With net messages, always check serverside if the user sending the message CAN actually do the action. Classic example, if the user is sending a message to kick a player, make sure that the user is an admin. You won't believe how many people never bother to check that.
[editline]16th November 2015[/editline]
In the end it pretty much comes down to common sense, never trust the user in ANYTHING.
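The kick case described in the post above, as an added example that is not part of the original thread: a Garry's Mod server-side receiver that checks the sender's permission and validates what it reads before acting. The message name `example_kick_player`, the length limit and the default reason are hypothetical.

```lua
-- Added example, server-side only (e.g. a file under lua/autorun/server/).
-- "example_kick_player" is a hypothetical message name for this illustration.
if not SERVER then return end

util.AddNetworkString("example_kick_player")

local MAX_REASON_LEN = 128 -- assumed limit for this example

-- The pattern the post warns about: the server acts on whatever arrives
-- and never asks whether the sender is allowed to do it.
--
-- net.Receive("example_kick_player", function(len, ply)
--     net.ReadEntity():Kick(net.ReadString())
-- end)

net.Receive("example_kick_player", function(len, ply)
    -- ply is the sender as supplied by the engine, not a value read
    -- from the message body, so the client cannot choose it.
    if not IsValid(ply) then return end

    -- The permission check lives on the server. Hiding the kick button
    -- in the client menu does not stop a client from sending the message.
    if not ply:IsAdmin() then return end

    -- Everything read from the message is client-controlled input.
    local target = net.ReadEntity()
    local reason = net.ReadString()

    -- The entity may be invalid or may not be a player at all.
    if not IsValid(target) or not target:IsPlayer() then return end

    -- Bound the free-text field before using it.
    reason = string.sub(reason, 1, MAX_REASON_LEN)
    if reason == "" then reason = "Kicked by an admin" end

    target:Kick(reason)
end)
```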
[QUOTE=Jvs;49126409]With net messages, always check serverside if the user sending the message CAN actually do the action. Classic example, if the user is sending a message to kick a player, make sure that the user is an admin. You won't believe how many people never bother to check that. [editline]16th November 2015[/editline] In the end it pretty much comes down to common sense, never trust the user in ANYTHING.[/QUOTE]
Awesome, simple enough. Thank you
-snip- edit: I didn't mean what I said in the context that I did. My apologies :ohno:
[QUOTE=bayrock;49126683]Sending from the client to the server is never a good idea, and it's not necessary.[/QUOTE]
what the fuck?????
[QUOTE=bayrock;49126683]Similar to what Jvs stated you should generally only be sending net messages from the server to the client. Sending from the client to the server is never a good idea, and it's not necessary.[/QUOTE]
Thanks for agreeing with me on the security part, but what? How else are you supposed to give input to the server, commands? Commands are extremely limited, and as much as you shouldn't trust the client, some data you can't do without.