well maptool is great program but has a problem
hacking is possible the launch of dice
for resolve this problem is think one idea
censoring commands list campaign
very simple implementation
only put a list of regular expression in campaign settings and only the commands than not resolve regular expression is possible to launch
opinions?
thx
hacking maptool
Moderators: dorpond, trevor, Azhrei
Forum rules
PLEASE don't post images of your entire desktop, attach entire campaign files when only a single file is needed, or generally act in some other anti-social behavior.
PLEASE don't post images of your entire desktop, attach entire campaign files when only a single file is needed, or generally act in some other anti-social behavior.
- Mr. Pokeylope
- Giant
- Posts: 118
- Joined: Mon Aug 11, 2008 9:24 pm
There are a number of problems with MapTool from a security perspective, and actually making it secure would be a pretty significant undertaking. The existing cheat detection method catches simple attempts to fake rolls, but there are ways around it. You can also do fun things like spoof messages from other players. And this is assuming an unmodified client; if a player compiles their own version of the client, they can sent pretty much whatever data they want, and the server has no way of knowing it's not valid. Fixing that would require a major overhaul of the MapTool architecture (basically, making the server do a lot of the work that the client currently does, like doing rolls and executing macros).
So, yes, making MapTool more secure is a good idea, but actually doing it successfully will be a lot of work.
So, yes, making MapTool more secure is a good idea, but actually doing it successfully will be a lot of work.
the idea of listing expressioni regular and easy to implement (they are a programmer java:)) I am sure that a expert maptool programmer in 3 days could deploy, in a generic way solve all possible hacking.Mr. Pokeylope wrote:There are a number of problems with MapTool from a security perspective, and actually making it secure would be a pretty significant undertaking. The existing cheat detection method catches simple attempts to fake rolls, but there are ways around it. You can also do fun things like spoof messages from other players. And this is assuming an unmodified client; if a player compiles their own version of the client, they can sent pretty much whatever data they want, and the server has no way of knowing it's not valid. Fixing that would require a major overhaul of the MapTool architecture (basically, making the server do a lot of the work that the client currently does, like doing rolls and executing macros).
So, yes, making MapTool more secure is a good idea, but actually doing it successfully will be a lot of work.
es.
Campaign Table Invalid command
N Rule | message | regular expression
1 hacking dice command
Add edit remove
1 modify: implement table
2 modify: add tag campaign file for table censor
3 modify: read table and control if one of all regular expression match otherwise the command is ok
one question: but in maptool the client trasmit command or the resolved command?
- trevor
- Codeum Arcanum (RPTools Founder)
- Posts: 11311
- Joined: Mon Jan 09, 2006 4:16 pm
- Location: Austin, Tx
- Contact:
Mr. Pokeylope is correct, the only real solution would be to have the server handle pretty much everything, which isn't impossible, just a significant change from the way it works now.
The hope is that the players you choose to play with are honest and are there for the fun times, not to beat the system by cheating.
The hope is that the players you choose to play with are honest and are there for the fun times, not to beat the system by cheating.
Dreaming of a 1.3 release