ID:802562
Jun 7 2012, 8:58 am
|
|||||||
| |||||||
It's pretty clear as to what is going on in these horribly edited images, right? Basically, the ability to push updates from Dream Maker, instead of having to first create the archive file containing the project files...then going on the website and such... | |||||||
|
Jun 7 2012, 8:47 pm
|
|
Darker Legends
 |
Support.
|
+1
| |
Make this for also updating hostfiles
| |
I like.
| |
This sounds like a great idea.
| |
I like it.
| |
+2
| |
Bump
| |
Supporting.
| |
I agree on the logged into a key already part.
| |
Galactic Soldier wrote:
I dislike. This idea defeats of the current systems in place, and since hub_password can be obtained via a numerous of ways, it puts this feature as a security hazard.What systems does it 'defeat'? How exactly does it put it as a security hazard? For one it's just stupid to make hub_password a text box there, Dream Maker should be able to compile and parse through to find out whatever value it is. Secondly, this is exploitable.compile and parse - yeah, that's why it says (from environment). Indicating that the information was retrieved from the environment. How is it exploitable? If they're going to go about this, the same systems should be kept in place to maintain security, as in you must be logged into the hub owner's key or a helper key.The demo pictures explicitly mention that. | |
Galactic Soldier wrote:
Anybody can get the hub_password through an ambiguous amount of ways with just the .dmb file, and people could use it to hack hubs. It's a security hazard. Except, for the fact that the hub_password doesn't appear in the DMB, and it's hashed as soon as the world.hub_password is set. | |
Galactic Soldier wrote:
Oh, it appears in there. There's exactly one way to get the hub_password from the DMB anymore, and you won't get it in a plaintext format. They removed that oversight more than a couple of versions ago after we pointed out to them that it was in there. | |
Galactic Soldier wrote:
There isn't only exactly one way to get the hub_password from the DMB. I'm tired of you people talking over me; you're all misinformed. I just cracked open a game and tested it out for myself to see if an update may have altered anything. You're doing something wrong, then. Having done extensive amounts of research on the topic and being involved in this for a long time now, I can tell you that there is exactly one way to get the hub password from the DMB and that's only useful for injecting into another DMB and hooking into someone else's hub. That being said, this discussion should not really be held in a public venue any further as it's only going to degrade in quality even further. If you'd like to discuss the matter, you're welcome to visit Chatters or page me and I'd be willing to talk to you about it. | |
Can we get a response from a developer on this please ... both the request and issue Galactic has noted.
| |
Although the feature request is logical, it is not trivial as DM currently does not do any networking.
As far as the security issue, as far as we know the hub-password is (in modern versions of the compiler) securely hashed. Obviously if anyone had a method to impersonate another game without knowledge of the password, we'd want to see that in action (and know of the exploit) so we could fix it. | |
You could parse the information through byond.exe as that would have the key as a validation when uploading the files?
| |
It'd be amazing if this was somehow added. <3
| |
