Submit Feedback

This object is in archive!

Addition to mod API: Secured client requests.

Foogs shared this feedback ago

Completed

Hi im need secured requests between server mod and client mod

>> MyAPIGateway.Multiplayer.RegisterMessageHandler(66666, MessageHandler);

>>MessageHandler not have a "sender" field, and clients can ez fake the data...

Im mean if im have on server unsafe method like DeleteGridsOwnedBySteamId(ulong steamId);

Im want to trigger that from client. But clients can fake request data!

In internal game code u have events with sender steamid and u check if sender have admin rights. But modders cant use this events.

f71a48ebe4ebb6c0fb771721248d7523

so.

Modify or add new MyAPIGateway.Multiplayer.RegisterSecuredMessageHandler(66666,SecuredMessageHandler);

SecuredMessageHandler(ulong SenderSteamId, byte[] bytes);

Replies (8)

Fer ●

WHERE KEEN!!!

Files:

URL

Foogs ●

^up^

URL

Владимир Кондратюк ●

KEEN, where are you??? Pls write any comment, todo?

URL

FGCSE Main ●

KEEN???

URL

Anatoliy 26 ●

We directly need that thing, so could you turn your look on this topic, keen`s? :)

URL

Sansa Lopez ●

It's really a big issue but doesn't worry about that, you just turn on the API and secure your server with client mod.

URL

Foogs ●

Fixed with this update, yeey

20 months to do

URL

QA KeenSWH ●

Hello, Engineers!

This shall indeed be fixed from version 197.

Kind Regards

Keen Software House: QA Department

URL