Server Help

ASSS Questions - Security of Open Source
BDwinsAlt - Sun Nov 20, 2005 4:53 pm
Post subject: Security of Open Source
Well since AS3 is open source, im scared to use it. What is stopping people from using that to make people download trojans and unwanted things like spyware. They could use this to get/put files to your pc. I think some form of security needs to be put into as3 that cannot be changed. If it's already there, sry im not using ASSS cause im scared to. icon_eek.gif

What if someone screwed everyone over who came into their zone. That would suck. ROFL i can see the wallpapers now:

"You have been Hacked by xxxxxxx!"

then 2 days later windows won't start up.
Dr Brain - Sun Nov 20, 2005 5:03 pm
Post subject:
You're talking about using asss as a player, not as a zone op, right?

First off, continuum can only get/put things to the continuum directory, so about the only thing it'd be able to do would be put random junk into your cont directory. This is very unsatisfying for a hacker, so they'd never bother. Besides, cont tells you whenever you receive a file, so you'd instantly know.
BDwinsAlt - Sun Nov 20, 2005 5:05 pm
Post subject:
Oh i thought subgame told you. My Bad. Thanks for shutting me up icon_cool.gif
Mr Ekted - Sun Nov 20, 2005 6:05 pm
Post subject:
Cont only accepts BMP BM2 WAV WA2 TXT LVL LVZ and maybe a few other "non-executable" file types. Sure the zone op could put executable code in any of those, but then you'd still need something else to actually run it.
BDwinsAlt - Sun Nov 20, 2005 7:54 pm
Post subject:
But what if these people making another version of continuum don't put in things like only accepting certian file types and all. Then what happens.
D1st0rt - Sun Nov 20, 2005 8:21 pm
Post subject:
Maybe you should stop using the internet because you could get unwanted files on your computer.
Dr Brain - Sun Nov 20, 2005 8:25 pm
Post subject:
Mr Ekted wrote:
Cont only accepts BMP BM2 WAV WA2 TXT LVL LVZ and maybe a few other "non-executable" file types. Sure the zone op could put executable code in any of those, but then you'd still need something else to actually run it.


It accepts whatever I ask it for on my ASSS server. Most of the files I request have funky extensions, so I find your statement hard to believe (I don't see priit as the type to code in hundreds of odd allowed extensions). You sure it's not the server imposing that limit? I'm pretty sure that Cont won't let you override the main executable, but I'm not so sure beyond that.
Mr Ekted - Sun Nov 20, 2005 8:28 pm
Post subject:
The client only ever requests LVL, LVZ, TXT, and CFG files I believe. And it will only extract and use files within an LVZ with certain extensions. You can use *getfile/*putfile on anything you like, but that's your own damn fault.
Dr Brain - Sun Nov 20, 2005 8:44 pm
Post subject:
The client doesn't have to request anything to have it downloaded.

Here, I have a program explaining everything, BD. Just unzip and run it.
BDwinsAlt - Sun Nov 20, 2005 9:34 pm
Post subject:
ROFL
BDwinsAlt - Sun Nov 20, 2005 9:35 pm
Post subject:
Dude i only posted this to see all the crazy things you ppl would come up with. I could careless about as3. I never use it.
All times are -5 GMT
View topic
Powered by phpBB 2.0 .0.11 © 2001 phpBB Group