PDA

View Full Version : Addressing Security inside NPC?


maximus_asinus
09-01-2017, 09:34 PM
How secure are attr[] values from a memory editor? I'm defining them serverside and using them to sync data between the server and client. I'm wondering if because of their nature, will a player running a trainer be able to redefine these values?

A stripped down version of my script:

// level NPC
function onCreated() {
this.attr[1] = ITEM;
join("CLASS");
}
// class NPC
function onActionCHECK() {
addweapon(this.attr[1]);
}

//#CLIENTSIDE
function onPlayerTouchsMe() {
// triggeraction CHECK
}

As you can see, IF this.attr[1] is accessible by a trainer then the player could inject code to give himself any item on the server.

MysticalDragon
09-02-2017, 03:51 PM
its pretty secure, you can't read client set attrs on serverside

example:

function onCreated() {
this.attr[2] = "test";
echo(this.attr[2]);
}


example2

function onActionServerSide(temp.cmd) {
switch(temp.cmd) {
case "testEcho";
echo(this.attr[3]); //wont echo anything
break;
}
}
//#CLIENTSIDE
function onCreated() {
this.attr[3] = "test";
triggerserver("gui", this.name, "testEcho");
}


However you can read server set Attrs on Client

DustyPorViva
09-04-2017, 07:35 PM
If it's visible on the client than it can be edited in a memory editor.

The security Graal employs simply means secured variables are updated when changed on the server. You can still edit clientr.variables on the clientside but once the server updates the same flag it will push the new value back to the client and change it back. However changes to the client are not pushed to the server unless it's a variable that is synced(such as a client.variable).