MantisBT - Zandronum | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0002120 | Zandronum | [All Projects] Bug | public | 2015-03-08 01:00 | 2015-03-08 04:51 |
| Reporter | haxmurderer | ||||
| Assigned To | |||||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | Microsoft | OS | Windows | OS Version | XP/Vista/7 |
| Product Version | 1.3 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0002120: Persistent inventory / DB is always exploitable due to design limitations | ||||
| Description | Hi guys, In Survivalism, I've had persistent inventory running pretty much since Zandronum 1.3 came out, and the basics have been working great. There's dozens of players who have persistent inventory on my server and have been playing for months. One major problem that I can't figure out is how to prevent this exploit: A player saves their inventory in-game, drops a bunch of items, reconnects, and then reloads their inventory. They now have all their old inventory plus the items they dropped. I thought the solution would be to save the player's inventory in a DISCONNECT script, but the ZDoom wiki says, "Because the player has already left the game by the time this script is called, no actions can be taken on that player", therefore this solution won't work. If we changed the behaviour of DISCONNECT to allow access to the player momentarily, I'd be able to solve my problem. I can't think of any other way around this. I believe we have to change something in Zandronum to fix this exploit. It's more important to me now because I've added an XP and leveling system to Survivalism that's also persistent. Any ideas? Thanks! | ||||
| Steps To Reproduce | Do a thought experiment: A player saves their inventory in-game to the DB, drops a bunch of items, reconnects, and then loads their inventory from the DB. They now have all their old inventory plus the items they dropped. | ||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2015-03-08 01:00 | haxmurderer | New Issue | |||
| 2015-03-08 02:56 | Hypnotoad | Note Added: 0011782 | |||
| Notes | |||||
|
|
|||||
|
|
||||