Author Topic: Output Event-Server Command (Read 3619 times)

Advanced Bot · January 20, 2014, 04:11:58 AM

Quote from: Who Cares99 on January 20, 2014, 04:10:06 AM

If the host doesn't know what the effects will be they probably won't know how to use the event either.

Which comes into a question: "Why did they install the command event add-on when it is host only, and they don't even know how to event?"

Ad Bot · Advertisement

SWAT One · January 20, 2014, 07:36:54 AM

Quote from: SWAT One on January 19, 2014, 06:50:41 PM

What if there were a way to detect the user that made it so that players who used it would actually have permission to the command. If a user made a button to clear all their bricks, by clicking it then why not?

Also, is there a way to encrypt files for blockland? People could still modify it and make it abusable. Sorry to possibly dash your hopes. You could try writing it in a weird format, or maybe making a model with material names being lines of code, that you extract from the model to piece something together.

Blocki · January 20, 2014, 09:57:13 AM

Quote from: SWAT One on January 20, 2014, 07:36:54 AM

Also, is there a way to encrypt files for blockland? People could still modify it and make it abusable. You could try writing it in a weird format, or maybe making a model with material names being lines of code, that you extract from the model to piece something together.

What exactly are you trying to do lol

Hawt · January 20, 2014, 11:04:20 AM

Quote from: Advanced Bot on January 20, 2014, 03:34:54 AM

Just not making the add-on will create less risk for everyone. Plus, badspot will either just remove it, or will remove it and ban you.

There is a reason why everything will get fail binned if it creates vulnerabilities to the server.
It was using server commands, they can be easily spammed, and like Badspot said, it has a possibility of shutting down the server. These can be used with relay events, which the server will just be a disappointment.

what about a time delay?

Who Cares99 · January 20, 2014, 11:07:23 AM

Quote from: SWAT One on January 20, 2014, 07:36:54 AM

Also, is there a way to encrypt files for blockland? People could still modify it and make it abusable. Sorry to possibly dash your hopes. You could try writing it in a weird format, or maybe making a model with material names being lines of code, that you extract from the model to piece something together.

That's like saying you could just edit the script of Strato's F-18 and it's abuseable because it kills everyone on the server. True, but I don't think we should be concerned about it.

Advanced Bot · January 20, 2014, 11:21:14 AM

Quote from: Hawt on January 20, 2014, 11:04:20 AM

what about a time delay?

I don't think it would work too well, besides, even if someone made it again Badspot might remove it.

General · January 21, 2014, 12:53:49 PM

Not sure if Badspot is referring to this, but only make the event execute server sided commands? You know, the ones you can already execute with the slash /

I don't at first thought see the issue with this.

Blocki · January 21, 2014, 12:55:40 PM

Quote from: General on January 21, 2014, 12:53:49 PM

Not sure if Badspot is referring to this, but only make the event execute server sided commands? You know, the ones you can already execute with the slash /

I don't at first thought see the issue with this.

That's exactly what it does.

General · January 21, 2014, 12:56:35 PM

Quote from: Blocki on January 21, 2014, 12:55:40 PM

That's exactly what it does.

Well if those commands can already be accessed by anyone on the server I don't really see the security issue :I

Blocki · January 21, 2014, 12:58:44 PM

Quote from: General on January 21, 2014, 12:56:35 PM

Well if those commands can already be accessed by anyone on the server I don't really see the security issue :I

You can force other people to call the commands - see line 2 & 3 to realize the danger:

General · January 21, 2014, 01:01:44 PM

Only admins would be able to use the ban command though, issue I see is flooding. Could be bypassed with a time restriction but that only complicates things.

Blocki · January 21, 2014, 01:02:24 PM

Quote from: General on January 21, 2014, 01:01:44 PM

Only admins would be able to use the ban command though, issue I see is flooding. Could be bypassed with a time restriction but that only complicates things.

That's the point - you set up an event like that and once the admin clicks your brick, he's gone.

General · January 21, 2014, 01:06:19 PM

Every time the event is called, the user is prompted with a warning before continuing ;)

Nah only kidding, the event though if used in the right ways can be very useful.

Blocki · January 21, 2014, 01:09:45 PM

Quote from: General on January 21, 2014, 01:06:19 PM

Every time the event is called, the user is prompted with a warning before continuing ;)

Nah only kidding, the event though if used in the right ways can be very useful.

Obviously it is very useful. That's the point.

General · January 21, 2014, 01:15:28 PM

... Maybe prompting could actually work? All default server commands can be reviewed as to whether they have the potential to be harmful, and those which are display a prompt before continuing. All foreign (add-on cmds) automatically prompt to prevent issues.

Edit: Maybe an exception list for advanced users.