IPB

Welcome Guest ( Log In | Register )

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
Reply to this topicStart new topic
> Security, an explination, Why not more power?
Snap
post Apr 30 2009, 12:43 AM
Post #1


The following post is supplementry information
*****

Group: Global Moderators
Posts: 2,922
Joined: 29-January 06
From: Eugene Oregon
Member No.: 31



Custom command systems are inherently security risky. - Generally giving people the power to make a custom command, means they can do anything. But there are times where you would want to let a friend/clan leader/member to be able to write CCX commands.
I want you to be able to let them, without them baning your members, or taking your ops.

In it's current state, CCX can't be abused - like:
<Joe>!addcc givemepower 0 /add Joe 999 ADSM
In fact by default*- if Joe had the power to make a cc, he couldn't ban someone:
<Joe>!whoami
<Bot> Joe has access 20.
<Joe>!addcc doban 20 /ban %rest
<Joe>!doban Otherguy

Nothing would happen. Joe needs flags of "O"/"A" or 80 access.
The same is required for the following:
CODE
"/kick", "/ban", "/designate", "/resign", "/squelch", "/ignore", "/clan", "/c", "/options", "/o", "/dnd"

Note that these are all battle.net commands- no internal commands can be accessed in this way.

*You can override this safety-feature with the config hack: security_usesafety=true

- Beware users with power to make CC's can fill your bots queue with messages.

- I'll update this topic with pertinent security warnings and explanations.


--------------------
~Life is all busy and stuff right now. - Car accident, lots of dr. appointments... Other stuff too. I still <3 StealthBot.net - - I'll be around.
Thinking about PMing me? Post it instead! CCX Forums | SnapNJacks Trivia Forums
IPB Image
IPB Image
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Ribose
post Apr 30 2009, 01:54 PM
Post #2


So, it's all about fame, huh?
*****

Group: Global Moderators
Posts: 2,950
Joined: 13-February 06
From: Connecticut, USA. (GMT -5:00)
Member No.: 74



"/join", "/j", and "/channel" should also be checked.


--------------------
~Ribose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Snap
post Apr 30 2009, 08:06 PM
Post #3


The following post is supplementry information
*****

Group: Global Moderators
Posts: 2,922
Joined: 29-January 06
From: Eugene Oregon
Member No.: 31



Yea, thanks.
Actually, after writing this - I brainstormed a bit.
I'm gonna allow internal commands to be executed - along with other CC's like "& /command".
Rather than the arbitrary "80" access for everything, I'm going to use Command() and ccx_RunCC to execute them.
The only problem with this - is that the IsCommand() doesn't exist in 2.6...
My reasons for avoiding this originally are no longer relevant.


--------------------
~Life is all busy and stuff right now. - Car accident, lots of dr. appointments... Other stuff too. I still <3 StealthBot.net - - I'll be around.
Thinking about PMing me? Post it instead! CCX Forums | SnapNJacks Trivia Forums
IPB Image
IPB Image
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
ViRaL
post May 1 2009, 12:35 AM
Post #4


_.-*:.-ViRaL-.:*-._
***

Group: Members
Posts: 115
Joined: 17-March 09
From: Washington, Tacoma--- Op iVD--Us East
Member No.: 48,022



QUOTE(Snap @ Apr 30 2009, 07:06 PM) *


I'm gonna allow internal commands to be executed - along with other CC's like "& /command".
Rather than the arbitrary "80" access for everything, I'm going to use Command() and ccx_RunCC to execute them.



Does this mean we will be able to create command strings that use commands from other plugins, or the greet message, such as !Addcc Startt /setgreet The tournament will begin at 5:00 pm Bnet Time. Or even go as far as to create custom commands that interlock with crs, or SnJ's Trivia?


--------------------
NOTICES: For those of you who post in the Script Creation Requests/"ViRaLs CCX Help Section" Forum.

If you dont use this format-- I will let you slide once--- The second time-- You get no help at all

EXPLANATION: A very detailed explanation of the desired script.
COMMANDs:
--------!Command1 - Detailed explanation of command, including required access, and desired output (whispered, emoted, etc.)
--------!Command2 - Detailed explanation of command, including required access, and desired output (whispered, emoted, etc.)

Please put required parameters in "< >", and optional in "[ ]" (Example: .score [username])

Do NOT bump... Requests Take time... Which I can't devote entirely to you. Please be PATIENT
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Snap
post May 1 2009, 02:34 AM
Post #5


The following post is supplementry information
*****

Group: Global Moderators
Posts: 2,922
Joined: 29-January 06
From: Eugene Oregon
Member No.: 31



That will be difficult to accomplish - because plugins simply 'look' for a command. - There's no way to tell if a plugin has a command or not.
With the Plugin System i'll be able to call all the plugin's UserTalk sub- but this wont work with 2.7 'Scripts'.
The internal commands like /setgreet will work. - And CCX CC's.
I'll play around with it - and hopefully get some feedback when I release 1.94.


--------------------
~Life is all busy and stuff right now. - Car accident, lots of dr. appointments... Other stuff too. I still <3 StealthBot.net - - I'll be around.
Thinking about PMing me? Post it instead! CCX Forums | SnapNJacks Trivia Forums
IPB Image
IPB Image
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Snap
post May 11 2009, 09:06 PM
Post #6


The following post is supplementry information
*****

Group: Global Moderators
Posts: 2,922
Joined: 29-January 06
From: Eugene Oregon
Member No.: 31



All types of commands can now be executed with CCX. - But the commands are executed as if the user using the CC used the command.
See http://www.stealthbot.net/board/index.php?...st&p=332389 for more details.


--------------------
~Life is all busy and stuff right now. - Car accident, lots of dr. appointments... Other stuff too. I still <3 StealthBot.net - - I'll be around.
Thinking about PMing me? Post it instead! CCX Forums | SnapNJacks Trivia Forums
IPB Image
IPB Image
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 16th November 2019 - 07:56 PM
Skin by Andrea
Website Legal Information | Hosted by LunarPages