Simas 12 Posted May 21, 2013 (edited) The compileFinal result and built-in SQF commands are now read-only - and it is a great start towards secure MP code. However, the problem still remains with clients being able to publicVariable server-side vars, right? How do you deal with this? Say, I want to create a global "Game Logic" object on a server and prevent it from being overridden. Any options? I was thinking that maybe one can implement some sort of a singleton getter function (with compileFinal) that returns that game logic var. But then again, where do you actually store that game logic instance var (inside that "final" singleton function) securely? Another option would be every time you invoke this getter - check the global var, make sure it's of the correct type and if not - re-create. That would theoretically work - but not with all the objects. Also, I read something about BattleEye filters - but I am not sure I grasp the concept myself. Where do you edit these filters? Edited May 21, 2013 by simast Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 21, 2013 create your variables in uiNamespace or parsingNamespace Share this post Link to post Share on other sites
Simas 12 Posted May 21, 2013 create your variables in uiNamespace or parsingNamespace Which one would be preferred? The Wiki is lacking info.. what variables are usually stored on the parsingNamespace? And what would be the life-time of both namespaces? Share this post Link to post Share on other sites
eddieck 10 Posted May 21, 2013 The compileFinal result and built-in SQF commands are now read-only - and it is a great start towards secure MP code. However, the problem still remains with clients being able to publicVariable server-side vars, right? The namespace idea is good, but OMG what a fucking hack. (Why, BI, why do we have to resort to things like that?) Also, I read something about BattleEye filters - but I am not sure I grasp the concept myself. Where do you edit these filters? Only in OA at the moment, but the filter config files are stored in the BE directory (expansion/battleye by default). Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 21, 2013 Which one would be preferred? The Wiki is lacking info.. what variables are usually stored on the parsingNamespace? And what would be the life-time of both namespaces? lifetime is arma on arma off. BIS use uiNamespace a lot. dont know much about parsing only what wiki says Share this post Link to post Share on other sites
mindstorm 8 Posted May 22, 2013 Well i'm not sure 100% but I think something like this script should work, just wrote it but I don't have time to test it now: It basically creates a copy var for each "safe var" and adds an eventhandler to both vars. When a client publicvars a var it checks the var against the copy var and resets it if they are not the same. Same with the copy var. Now on the server you can use this to change the var to something new: ["VARNAME", value] call FNC_SetVarSafe; It will then change both the var and the copy var. Because the eventhandlers are local they wont fire.' And because a client can only publicvar 1 var at a time they will always be checked against previous values. This should work in theory but I had no time to test it. Also credits to kronzky for his string functions. if(isServer) then { SAFE_VARS = {"MYPUBLICVAR1","MYPUBLICVAR2","MYPUBLICVAR3"}; { _varName = _x; _varName addPublicVariableEventHandler { _this call FNC_CheckVar;}; _varNameCompare = _varName + "_compare"; _varNameCompare addPublicVariableEventHandler { _this call FNC_CheckVarCompare;}; } forEach SAFE_VARS; }; FNC_SetVarSafe = { _varName = _this select 0; _newValue = _this select 1; _varNameCompare = _varName = "_compare"; missionNamespace setVariable [_varName, _newValue]; missionNamespace setVariable [_varNameCompare, _newValue]; }; FNC_CheckVar = { _varName = _this select 0; _varNameCompare = [([_varName] call KRON_StrLen - 8)] call KRON_StrLeft; _var = missionNamespace getVariable _varName; _varCompare = missionNamespace getVariable _varNameCompare; if(_var != _varCompare) then { missionNamespace setVariable [_varCompare, _var]; }; }; FNC_CheckVarCompare = { _varNameCompare = _this select 0; _varName = _var + "_compare"; _var = missionNamespace getVariable _varName; _varCompare = missionNamespace getVariable _varNameCompare; if(_varCompare != _var) then { missionNamespace setVariable [_var, _varCompare]; }; }; KRON_StrToArray = { private["_in","_i","_arr","_out"]; _in=_this select 0; _arr = toArray(_in); _out=[]; for "_i" from 0 to (count _arr)-1 do { _out=_out+[toString([_arr select _i])]; }; _out }; KRON_StrLeft = { private["_in","_len","_arr","_out"]; _in=_this select 0; _len=(_this select 1)-1; _arr=[_in] call KRON_StrToArray; _out=""; if (_len>=(count _arr)) then { _out=_in; } else { for "_i" from 0 to _len do { _out=_out + (_arr select _i); }; }; _out }; KRON_StrLen = { private["_in","_arr","_len"]; _in=_this select 0; _arr=[_in] call KRON_StrToArray; _len=count (_arr); _len }; Share this post Link to post Share on other sites
tonic-_- 53 Posted May 22, 2013 (edited) It doesn't really matter where we store anything because all someone has to do is open up the mission, even if you hide the functions server side someone could also see what is in it. There really is no way to secure your mission from cheaters and other things. What would be nice is the ability to use compileFinal with a key, by using that key you could 'recompile' over a variable that was compileFinal, they were suppose to give us some type of way to overwrite it but maybe they forgot? There is a lot of great potential with compileFinal but needs more work. Edited May 22, 2013 by Tonic-_- lost my mind Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 22, 2013 It doesn't really matter where we store anything because all someone has to do is open up the mission, even if you hide the functions server side someone could also see what is in it. Don't want to be a pain in the butt, but how??? Share this post Link to post Share on other sites
Simas 12 Posted May 22, 2013 Yes, the Killzone_Kid namespace idea works great as you can't publicVariable outside of the default missionNamespace. I just wish they added another namespace - call it localNamespace (instead of this ui/parsing hack) for us to store safe mission vars. Also the localNamespace lifetime would be identical to missionNamespace. Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 22, 2013 Yeah a twin to missionNamespace would have been nice. Share this post Link to post Share on other sites
Simas 12 Posted May 22, 2013 I have submitted a bug tracker feature request for this new "localNamespace". Bug #8555. Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 22, 2013 I upvoted it. Did you put it in Feature Request category? Share this post Link to post Share on other sites
Simas 12 Posted May 22, 2013 Did you put it in Feature Request category? I put it under "Scripting" as the "Feature Request" category is usually ignored by the feedback tracker managers :P Share this post Link to post Share on other sites
Dwarden 1124 Posted May 22, 2013 server side adding with script verification code on the variable content to not be changed :) especially for variables which aren't supposed to be remotely changed anyway remember that further scripting security additions are still on roadmap ... note that BattlEye (or alike security solution) is able to prevent publicvariable on variables names and /or content as you define also Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 22, 2013 server side adding with script verification code on the variable content to not be changed :) especially for variables which aren't supposed to be remotely changedanyway remember that further scripting security additions are still on roadmap ... note that BattlEye (or alike security solution) is able to prevent publicvariable on variables names and /or content as you define also Niiice. What about whitelisting network traffic with battleye? Instead of blocking overwrite of certain public vars, have whitelist of what publicvars can be broadcasted and only those vars? Share this post Link to post Share on other sites
eddieck 10 Posted May 22, 2013 Niiice. What about whitelisting network traffic with battleye? Instead of blocking overwrite of certain public vars, have whitelist of what publicvars can be broadcasted and only those vars? Can't you define a rule like: 5 "" !="nameyouwant" ... Share this post Link to post Share on other sites
killzone_kid 1326 Posted May 22, 2013 Maybe but we don't know if new battleye will follow the same principle. Share this post Link to post Share on other sites
Dwarden 1124 Posted May 23, 2013 Can't you define a rule like: 5 "" !="nameyouwant" ... you can do that' already in OA+BE 1 Share this post Link to post Share on other sites