Disable Client-RC

[Skyld]

Quote:

Originally Posted by r3ckless

Personally I don't like the Client-RC. I prefer my staff to be on External, I feel insecure with Client-RC. I feel as though it can be a security risk to my server, and I don't like the look of it.

The Client-RC is subject to the exact same restrictions (i.e. server options, IP ranges) as the external RC. Only privileged scripts from the login server are capable of making Client-RC requests also. It is not any less secure.

Quote:

Originally Posted by r3ckless

Also, I rarely hire people who work on other servers, so that won't effect them. I have it set to only remove if your account is in the server options.

That is not the point. You should not be destroying login scripts, in the same vain that I expect you wouldn't destroy the serverlist or playerlist weapons either. With any luck in the future, these scripts won't be able to by destroyed by non-login scripts.

[cbk1994]

Quote:

Originally Posted by Skyld

The Client-RC is subject to the exact same restrictions (i.e. server options, IP ranges) as the external RC. Only privileged scripts from the login server are capable of making Client-RC requests also. It is not any less secure.

Next time a global's on client-RC on your server, run (**** incapsula) clientside or snoop on their use of global commands with onRCChat.

I've reported this before to Stefan, and I know you have too, but he has not replied .