Dialog spoofing is possible, I can confirm this. The answer to your question in short is that it can prevent your dialogs getting spoofed or called by clients directly. Suppose you have this code:
pawn Code:
// Unsafe on purpose: nothing here checks who sent the response.
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[]) {
    if(dialogid == 1) {
        if(response == 1 && listitem == 1) { // "Kick All"
            for(new i = 0, j = GetPlayerPoolSize(); i <= j; i++) {
                if(!IsPlayerConnected(i)) continue;
                Kick(i);
            }
        }
        //...
        return 1;
    }
    return 0;
}

//Your admin dialog stuff command:
CMD:stuff(playerid, params[]) {
    if(!IsPlayerAdmin(playerid)) return 0; //Only for RCON.
    ShowPlayerDialog(playerid, 1, DIALOG_STYLE_LIST, "Admin Menu", "Shut Down\nKick All\n...", "Choose", "Close");
    return 1;
}
Here from the above code you can see clearly that the dialog is meant to be shown only for RCON admins. True, but there are no checks on its response. A response can be given to the server faking the parameters of the callback, which means, according to the unsafe code above, even a normal player can kick every player on a server. It's always better to safeguard all your callbacks since most of them can get called with fake parameters and values.
That also includes the values that you directly use as array indexes. Never trust the data you get from clients totally, unless it's filtered and safe to be used. Or else it would risk your security or lead to server crashes.
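
A hardened form of the handler from the post above, added here as an example and not part of the original post: the server records which dialog it actually showed to each player, and the response handler drops anything that does not match, re-checks RCON status, and bounds-checks `listitem` before acting on it. `ShowTrackedDialog`, `gShownDialog`, the `DIALOG_*` and `ADMIN_ITEMS` names and the two-item menu are assumptions made for the example; the admin command would call `ShowTrackedDialog` instead of `ShowPlayerDialog`.

```pawn
#include <a_samp>

#define DIALOG_NONE  (-1)
#define DIALOG_ADMIN (1)
#define ADMIN_ITEMS  (2) // constructed menu: 0 = Shut Down, 1 = Kick All

// Server-side record of the dialog actually shown to each player.
static gShownDialog[MAX_PLAYERS] = {DIALOG_NONE, ...};

// Hypothetical wrapper: show every dialog through this so the record stays accurate.
stock ShowTrackedDialog(playerid, dialogid, style, caption[], info[], button1[], button2[])
{
    gShownDialog[playerid] = dialogid;
    return ShowPlayerDialog(playerid, dialogid, style, caption, info, button1, button2);
}

public OnPlayerConnect(playerid)
{
    gShownDialog[playerid] = DIALOG_NONE; // player slots are reused
    return 1;
}

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    new expected = gShownDialog[playerid];
    gShownDialog[playerid] = DIALOG_NONE; // one response per shown dialog
    // Drop responses to dialogs the server never showed this player.
    if(expected == DIALOG_NONE || expected != dialogid) return 1;

    if(dialogid == DIALOG_ADMIN)
    {
        // Re-check the privilege at response time, not only when the dialog was shown.
        if(!IsPlayerAdmin(playerid) || !response) return 1;
        // listitem is client-supplied: validate the range before using it.
        if(listitem < 0 || listitem >= ADMIN_ITEMS) return 1;
        if(listitem == 0) SendRconCommand("exit");
        else
        {
            for(new i = 0, j = GetPlayerPoolSize(); i <= j; i++)
            {
                if(IsPlayerConnected(i)) Kick(i);
            }
        }
        return 1;
    }
    return 0;
}
```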