Author Topic: Blockland Glass Mod Manager [Released!]  (Read 23245 times)

noedit: i can't login (i made a new account too)

How does the file brown townysis work? Does it look for like, keywords and stuff? If so, which ones?

Also, how are you handling user accounts? Are you hashing passwords?

It looks for keywords. At the moment, anything relating to admin privileges, key.dat, Eval, TCPObjects. More is to come, and I'm open to suggestions.

Passwords are salted with a unique salt and then hashed.

noedit: i can't login (i made a new account too)
You're showing up in the database just fine, are you sure you entered your password correctly?
« Last Edit: May 02, 2015, 10:48:34 PM by Scout31 »

It looks for keywords. At the moment, anything relating to admin privileges, key.dat, Eval, TCPObjects. More is to come, and I'm open to suggestions.
As far as I know, there's no way to actually get admin priviledges in TS, as it's merely an in-game language. TCPObjects have legitimate uses, so that shouldn't be an automatic disqualification. I can honestly say I haven't seen a single case where eval is actually necessary, so yeah that's fine to block. What you should block is stuff like setKeyDat, all the different secureclientcmds, crash();, stuff like that

Passwords are salted with a unique salt and then hashed.
Very good, thumbs up

Two concerns: 1. when I try to log in, it makes me authenticate to make sure I'm not a robot. Is this really necessary?
2. Tried to upload addon, got this:


when I went to look at the addon page, it said it detected malicious code, however when it was reviewing it it said there was none detected. What's going on there?

You're showing up in the database just fine, are you sure you entered your password correctly?
can you clear my account or something

Database problem yet again. I went in and manually fixed it, and it shouldn't occur again. The debug page was the same issue, I hadn't pushed a patch live yet.

As far as I know, there's no way to actually get admin priviledges in TS, as it's merely an in-game language. TCPObjects have legitimate uses, so that shouldn't be an automatic disqualification. I can honestly say I haven't seen a single case where eval is actually necessary, so yeah that's fine to block. What you should block is stuff like setKeyDat, all the different secureclientcmds, crash();, stuff like that

I was referring to in-game admin, not OS privilege escalation. Unlike the old RTB system, files considered malicious aren't barred out entirely, they only display that warning until other legitimate users come by and give it a thumbs up. Having a file marked malicious automatically just keeps it from going straight to an open market on the planned in-game downloader. TCPObjects do have legitimate uses, but can also be used very maliciously. The automatic flagging system is really only in place to shout out to other developers "hey, you should make sure this is all okay because it might not be".

can you clear my account or something
Done.


-snip-
Alright, so if I'm getting this right: If any addon is caught using specific code phrases, it's flagged as potentially malicious. Will not appear in the in-game manager. However, if none of the keywords are triggered, it will appear in the in-game manager, just with a warning?

Yep. And of course, crowd-sourced player code review will triumph automated checking. That's just not implemented yet.

I have a suggestion, Can you add a Save subform to the addons? It can make blockland saves more easier to download.

Edit: Also why when im making an account there is no email to enter???

Yep. And of course, crowd-sourced player code review will triumph automated checking. That's just not implemented yet.
Sounds good to me. Here are some more things you should flag:
FileObject
FileDelete
FileCopy
Call
Schedule
RTB_RegisterPref

There are a multitude of other default functions that actually expose eval in them, so those should be flagged as well. However I don't have the list on me...

After you create an account it should either log you in or bring you to the login page instead of reloading the create account page. Also you should consider removing Script as a category and replacing it with Server and Client because there are differences. Some people only look for client files.

Sounds good to me. Here are some more things you should flag:
FileObject
FileDelete
FileCopy
Call
Schedule
RTB_RegisterPref

There are a multitude of other default functions that actually expose eval in them, so those should be flagged as well. However I don't have the list on me...
Thank you very much, these are all checked now.

After you create an account it should either log you in or bring you to the login page instead of reloading the create account page. Also you should consider removing Script as a category and replacing it with Server and Client because there are differences. Some people only look for client files.
Fixed the registration, I'll be pushing it in a moment. I've also implemented "client" and "server" flagging so that users will eventually be able to filter by either. I'll be running a script to re-scan the files and update them appropriately.

Edit: You can now delete files.
« Last Edit: May 03, 2015, 11:19:27 AM by Scout31 »

can you add a category for prints


tried uploading a print 3 times and it just refreshes the page.

edit: what about a category for system addons?

edit edit: i can't view the prints board or any board fixed
« Last Edit: May 03, 2015, 11:58:36 AM by Hawt »