G2O About external modules.

[Bimbol]

Hello,
while making update, I was thinking about external modules. And there is something what worries me. I'm talking about security.
What if, someone will create dangerous module and then will use it on his own server? Client will just download the module, without checking what is this (scanning). This is a very big problem, so I asking you, what do u think about the external modules on the client side? How we can control it? Or should we remove client side modules?

I'm waiting for your propositions.

Your GO Team.

[muu]

Remove.

[Sative]

Remove.

Nope.

[AJJ]

1. Developer sends the source code to administrator
   
2. Administrator checks and compiles it
   
3. Load it on file sharing and creates a topic with a link
   

[Silvio]

Remove.

Nope. It is not a solution to the problem.

Actually it is not dangers. User's download hundreds of viruses on his PC every day. You as developers are not to blame. There are many popular free development tools, which may threaten the user's computer. I think it is necessary to retain everything as is. If an attacker wants to do something, he will do it without Gothic Online.

You are not responsible for the misdeeds of others people.

1. Developer sends the source code to administrator
   
2. Administrator checks and compiles it
   
3. Load it on file sharing and creates a topic with a link

Модули написанные кем-либо не должны становиться достоянием общественности, даже в закрытом, компилированном виде. Вариант в принципе неплохой, но проблемы не решает.
Modules written by anyone should not become publicly available.

[Julian]

The modules are one of the things that makes this g2 multiplayer better than the other ones currently available. If you realy want to remove it, you als have to remove the whole download functionality otherwise there are still many ways to load malicious code on the client system(e.g. proxy dlls or windows scripts).

If you realy want to remove the function, then make it optional. Let the launcher view an additional line which tells the useres if the server wants to execute "unsafe" code on the client or not. The users will have to decide if they  want to trust the server owner or not.

As Silvio already said, you should not worry about the bad things other people can do with you programm. Just add a paragraph to the terms of use which states, that you are not responsible for any abuse of your software.

[Bimbol]

The modules are one of the things that makes this g2 multiplayer better than the other ones currently available. If you realy want to remove it, you als have to remove the whole download functionality otherwise there are still many ways to load malicious code on the client system(e.g. proxy dlls or windows scripts).

If you realy want to remove the function, then make it optional. Let the launcher view an additional line which tells the useres if the server wants to execute "unsafe" code on the client or not. The users will have to decide if they  want to trust the server owner or not.

As Silvio already said, you should not worry about the bad things other people can do with you programm. Just add a paragraph to the terms of use which states, that you are not responsible for any abuse of your software.

This isn't solution. There is already a module, which allow you to open cdrom. G2O need admin rights, so loaded module can do everything.
I don't know how should I check if code is unsafe, so probably the best idea is make authorized modules.

Any others proposition?

[Julian]

The modules are one of the things that makes this g2 multiplayer better than the other ones currently available. If you realy want to remove it, you als have to remove the whole download functionality otherwise there are still many ways to load malicious code on the client system(e.g. proxy dlls or windows scripts).

If you realy want to remove the function, then make it optional. Let the launcher view an additional line which tells the useres if the server wants to execute "unsafe" code on the client or not. The users will have to decide if they  want to trust the server owner or not.

As Silvio already said, you should not worry about the bad things other people can do with you programm. Just add a paragraph to the terms of use which states, that you are not responsible for any abuse of your software.
This isn't solution. There is already a module, which allow you to open cdrom. G2O need admin rights, so loaded module can do everything.
I don't know how should I check if code is unsafe, so probably the best idea is make authorized modules.

Any others proposition?

You can not check if code is save. But you can say that any server that uses modules(clientside) IS unsafe. But that would only be a warning for the players which tells them that they need to find out theirselfes if they can trust this server.

[Bimbol]

So like I said, we can create list of authorized modules, and then just check md5. If module on this server isn't authorized, then just show msgBox like this one

[HammelGammel]

I think that is a good solution. When the server uses only authorized modules, everything is normal, but if one of the modules isn't authorized, the launcher displays a warning (Maybe even show the name of the module in the window), but you can still connect to the server if you want (Or you would't be able to use and test your own modules until someone authorizes them).