If there were some way to run Lua from the server on the client's "side" (for example, the inventory stuff, even though that isn't really a client-side mod), could someone create a publicly-listed malicious server which sends to a player's client some Lua code which, when run by the player's client, deletes all of their files or something horrible like that?
If so, this would be a really good reason to never implement any "client-side modding" which causes a client to receive and run Lua code sent by the server.
FOSS gamedev and creative worlds
This is a mostly frozen copy of the Minetest forums through 2017. If you know phpBB3 and would like to host any G-rated forum here, you can email: me@minetest.org If the email doesn't work, find out who's taken over Final Minetest from OldCoder and email them to get write access or an admin account.
I should have set this up years ago. But it's no tale of woe.
Whether the temperature is high or low, regardless of cold winds blow,
away we go like Edgar Allan Poe, on now with the show. BTW rhymes are welcome.
Malicious Server with "Client-side modding"
2 posts
• Page 1 of 1
-
SegFault22 - Member
- Posts: 870
- Joined: Mon May 21, 2012 03:17
-
rubenwardy - Member
- Posts: 4500
- Joined: Tue Jun 12, 2012 18:11
- GitHub:
rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
Re: Malicious Server with "Client-side modding"
No - Lua Sandboxing
When browsing the web, servers can (usually) run javascript code on your computer
When browsing the web, servers can (usually) run javascript code on your computer
Like my stuff? Tip me a coffee | My Twitter
Mods: Awards - 15 more
Tools: Node Box Editor Mt Mods 4 Android
online book teaching how to mod
Mods: Awards - 15 more
Tools: Node Box Editor Mt Mods 4 Android
online book teaching how to mod
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest