Topic: Open up webpage on client (Clientsided)

It's extremely easy to slip exploits into mods. Big mods, especially. Slayer has 23,000 lines of server and client-sided code. If I inserted something into that, nobody would notice and it would affect a large part of the community. (not that I will - this is an example)

The mod doesn't even have to be very large, though. Backdoors appear now and then in Drama. Normally they're just commands to give the creator admin powers, but they could easily be something more significant. The thing is that nobody noticed them until they were used.

Those are just the intentional security holes. Like Lugnut was saying, I bet that there's a good number of mods that are susceptible to eval-injection or simply lagging the server with rapid command spamming.

i've been meaning to make a post about good security practices in add-ons for a while now. i think i'll actually do it.

Please do. I've actually been thinking about creating an exploit-hunting contest for various mods. I'm not sure what kind of incentive I would give, though.

Well you'd also need mods that actually have exploits in them..