Graal Forums  

  #1  
03-30-2011, 05:52 PM
kingcj
Ok so don't use params[1] because onActionServerside() references the player that used it, and it's a security risk? Thanks for the help!
__________________
Zie

"It is not necessary to change. Survival is not mandatory." - W. Edwards Deming
  #2  
03-30-2011, 06:07 PM
fowlplay4
Quote:
Originally Posted by kingcj
Ok so don't use params[1] because onActionServerside() references the player that used it, and it's a security risk? Thanks for the help!
If you're just changing your own player's data, you don't need to pass their account to the server because your player object is accessible.

Scenario: Changing your own player's chat. (Ignore the fact that you can do it on the client-side...)

BAD:

PHP Code:
function onActionServerside() {
  // Potentially allowing hackers to make people laugh uncontrollably.
  with (findplayer(params[1])) {
    player.chat = "haha";
  }
}
//#CLIENTSIDE
function onCreated() {
  // A hacker could change the player.account variable that's being sent.
  triggerserver("gui", this.name, "example", player.account);
}

GOOD:

PHP Code:
function onActionServerside() {
  player.chat = "haha";
}
//#CLIENTSIDE
function onCreated() {
  triggerserver("gui", this.name, "example");
}
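Added example, not part of the original posts and not Graal's own API: a small JavaScript model of the BAD and GOOD handlers above, run against a trigger whose account parameter does not match the connection it arrived on. It goes one step beyond the post by logging that mismatch as a tamper signal; `players`, `dispatch`, `handleBad`, `handleGood`, `tamperLog` and the account names are all constructed for illustration.

```javascript
// Constructed model of server-side trigger dispatch (assumed names, not GS2).
// `sender` comes from the authenticated connection; `params` is client-controlled.
const players = new Map([
  ["alice", { account: "alice", chat: "" }],
  ["bob", { account: "bob", chat: "" }],
]);
const tamperLog = [];

// BAD: picks the target from an account name the client supplied.
function handleBad(sender, params) {
  const target = players.get(params[1]);
  if (target) target.chat = "haha";
}

// GOOD: acts only on the authenticated sender. If a client still sends an
// account and it differs from the sender, record it for later review.
function handleGood(sender, params) {
  if (params.length > 1 && params[1] !== sender.account) {
    tamperLog.push({ from: sender.account, claimed: params[1] });
  }
  sender.chat = "haha";
}

// The server binds `sender` from the connection, never from params.
function dispatch(handler, connectionAccount, params) {
  const sender = players.get(connectionAccount);
  if (!sender) throw new Error("unknown connection");
  handler(sender, params);
}

// Constructed input: alice's connection sends a trigger naming bob's account.
function runScenario(handler) {
  for (const p of players.values()) p.chat = "";
  tamperLog.length = 0;
  dispatch(handler, "alice", ["example", "bob"]);
  return {
    alice: players.get("alice").chat,
    bob: players.get("bob").chat,
    flagged: tamperLog.length,
  };
}

console.log(runScenario(handleBad));
console.log(runScenario(handleGood));
```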

All times are GMT +2.