Opened 8 years ago
Last modified 5 years ago
#3923 new enhancement
Client-side detection of serverside command-injection — at Initial Version
Reported by: | elexis | Owned by: | |
---|---|---|---|
Priority: | If Time Permits | Milestone: | Backlog |
Component: | Network | Keywords: | |
Cc: | Patch: |
Description
r17170 (#2676) made the server reject commands for player X if they were sent by player Y (if cheats were disabled).
As suggested by sanderd17, the client should check if the server sent a command for him that the client didn't send (if cheats were disabled).
While r17170 (and the dupe of that ticket #3552) was about preventing acute abuse of the developer overlay, this ticket deals with a theoretical (yet unused) attack vector, where the NetServer
code was modified to add commands which were not authorized by the original player.
Once such a command is detected, an error, message box or chatmessage should be shown. The command should still be executed so as not to become OOS (since being OOS is worse than ending the game immediately).