[Sgt.TheDarkness]

Quote:

Originally Posted by Lordzy There were few tools designed to send fake packets to the server, such as what you've doubted. I'm not sure whether they've been fixed on the latest version. Also, why hasn't anyone considered about the listitem ID sent to server by the client? Suppose there's a dialog list which will contain list items such as "Dodo\nSparrow" and the same dialog ID, if shown to an administrator will have "Dodo\nSparrow\nSeaSparrow\nHunter". As you can see the dialog response is supposed to have (0 < listitem < 1) for normal players and (0 < listitem < 3) for administrators. But if a player sends a fake response with listitem as 3, they could get access to Hunter. This is an example of how server security can be easily exploited by sending fake packets. So, it's better to safeguard almost everything to be totally safe.

If you had one simple check to determine whether or not the player was authorized to have that vehicle, this would never work. The same can be applied to anything a player tries to exploit, if you add sanity checks into your code, the chances of exploitation become very slim.