Graal Forums  

Go Back   Graal Forums > Development Forums > NPC Scripting
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 09-01-2017, 09:34 PM
maximus_asinus maximus_asinus is offline
RIP DarkCloud_PK
Join Date: Oct 2001
Location: Canada
Posts: 3,743
maximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond reputemaximus_asinus has a reputation beyond repute
Addressing Security inside NPC?

How secure are attr[] values from a memory editor? I'm defining them serverside and using them to sync data between the server and client. I'm wondering if because of their nature, will a player running a trainer be able to redefine these values?

A stripped down version of my script:

PHP Code:
// level NPC
function onCreated() {
  
this.attr[1] = ITEM;
  
join("CLASS");

PHP Code:
// class NPC
function onActionCHECK() {
  
addweapon(this.attr[1]);
}

//#CLIENTSIDE
function onPlayerTouchsMe() {
  
// triggeraction CHECK

As you can see, IF this.attr[1] is accessible by a trainer then the player could inject code to give himself any item on the server.
__________________
Save Classic!
Reply With Quote
  #2  
Old 09-02-2017, 03:51 PM
MysticalDragon MysticalDragon is offline
Global Administration
MysticalDragon's Avatar
Join Date: Oct 2002
Location: Lynn Ma
Posts: 883
MysticalDragon is just really niceMysticalDragon is just really nice
Send a message via AIM to MysticalDragon Send a message via MSN to MysticalDragon
its pretty secure, you can't read client set attrs on serverside

example:
PHP Code:
function onCreated() { 
  
this.attr[2] = "test";
  echo(
this.attr[2]);

example2
PHP Code:
function onActionServerSide(temp.cmd) {
  switch(
temp.cmd) {
    case 
"testEcho";
      echo(
this.attr[3]); //wont echo anything
    
break;
  }
}
//#CLIENTSIDE
function onCreated() {
  
this.attr[3] = "test";
  
triggerserver("gui"this.name"testEcho");

However you can read server set Attrs on Client
__________________
~Delteria Support
~Playerworld Support
~PWA Chief
http://support.toonslab.com
[email protected]



Reply With Quote
  #3  
Old 09-04-2017, 07:35 PM
DustyPorViva DustyPorViva is offline
Will work for food. Maybe
DustyPorViva's Avatar
Join Date: Sep 2003
Location: Maryland, USA
Posts: 9,589
DustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond reputeDustyPorViva has a reputation beyond repute
Send a message via AIM to DustyPorViva Send a message via MSN to DustyPorViva
If it's visible on the client than it can be edited in a memory editor.

The security Graal employs simply means secured variables are updated when changed on the server. You can still edit clientr.variables on the clientside but once the server updates the same flag it will push the new value back to the client and change it back. However changes to the client are not pushed to the server unless it's a variable that is synced(such as a client.variable).
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 07:50 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.