Changes between Initial Version and Version 1 of Ticket #3552


Ignore:
Timestamp:
Oct 26, 2015, 8:16:14 PM (8 years ago)
Author:
elexis
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #3552 – Description

    initial v1  
    11'''Problem:''' Malicious users can send commands for other players in rated games.
    22
    3 This can be accomplished by abusing the developer overlay, which can be opened in rated games using one of the bugs (#3547, #3550, likely others) or by removing one check.
     3This can be accomplished by abusing the developer overlay. It can be opened in rated games using one of the bugs (#3547, #3550, likely others) or by removing one check.
    44
    5 Release blocker as it has been abused way too often by script-kiddies using proxies and making new accounts after being banned.
     5Release-blocker as it has been abused way too often by script-kiddies using proxies and making new accounts after being banned.
    66
    77'''Implementation:'''
    8 * Defending against malicious clients/players: For rated games, the server must ignore commands for players that don't correspond to the client that sent them.
    9 * Defending against a malicious server (i.e. a host with a modified `NetServer.cpp`) is impossible without using public/private-key crypto (or a p2p structure instead). Surely won't be addressed in this ticket.
     8* Defending against malicious clients/players: For rated games, '''the server must ignore commands for players that don't correspond to the client that sent them'''.
    109
    11 According to #3155 sending commands for other players without having cheats enabled should be allowed. That's why we check for rated games instead, where it shouldn't be possible (according to that javascript check).
     10{{{
     11#!div style="font-size: 80%"
     12 According to #3155, sending commands for other players without having cheats enabled should be allowed. That's why we check for rated games instead of cheats.
     13}}}
     14
     15* Defending against a malicious server (i.e. a host with a modified `NetServer.cpp`) is '''impossible''' without either using public/private-key crypto (and requiring everone to validate their public keys outside of 0 A.D.) or switching to a a p2p structure. Surely won't be addressed in this ticket.