RazorTongue
Joined: 23 Apr 2007 Posts: 26
Posted: Thu Nov 15, 2007 4:47 pm Post subject: Auxsvc.cfg and IPMatch/RawData
Aux connections are often used to handle critical/real-time mechanisms. On the other hand, without proper authentication, they can bring many security flaws (here, I have to mention unpacking errors causing allocation of GBytes of memory - fixed in RC5).
I suggest adding two fields to auxsvc.cfg (per service):
-IPMatch
-RawData
For critical data sent via an aux connection, we could use 'IPMatch 127.0.0.1' (i.e. if we use aux to create accounts via a PHP script), so nothing bad will happen.
I've also noticed that sending great amounts of packed aux data (strings/arrays) via an aux connection still degrades performance (we can perform a flood attack without actually sending much data, i.e. 's100:', 's100:', 's100:') - that could be moderated with the RawData field (setting RawData to 1 would disable receiving and sending packed data).
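
A sketch of how the two proposed fields could gate an aux connection before anything is unpacked, added here as an example; it is not part of the original post or of the server's code. `AuxPolicy`, `peer_allowed`, `check_line` and `max_declared` are hypothetical names, and the packed-header shape is assumed only from the 's100:' string quoted in the post.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed header shape, inferred only from the 's100:' quoted in the post:
# one type letter, a decimal count, then a colon.
PACKED_HEADER = re.compile(rb"^[A-Za-z](\d+):")


@dataclass
class AuxPolicy:
    """Hypothetical per-service settings mirroring the proposed fields."""
    ip_match: str = "0.0.0.0/0"  # proposed IPMatch; address or CIDR (assumption)
    raw_data: bool = False       # proposed RawData; True = packed data refused
    max_declared: int = 4096     # extra cap on declared counts (assumption)


def peer_allowed(policy: AuxPolicy, peer_ip: str) -> bool:
    """True if the connecting address falls inside the IPMatch network."""
    net = ipaddress.ip_network(policy.ip_match, strict=False)
    return ipaddress.ip_address(peer_ip) in net


def check_line(policy: AuxPolicy, line: bytes):
    """Return (accepted, reason) for one received line, before any unpacking."""
    m = PACKED_HEADER.match(line)
    if m is None:
        return True, "raw"
    if policy.raw_data:
        return False, "packed data disabled"
    digits = m.group(1)
    # Reject absurd counts before converting or allocating anything.
    if len(digits) > 10 or int(digits) > policy.max_declared:
        return False, "declared length over cap"
    # A count larger than the bytes actually received is the cheap-flood case.
    if int(digits) > len(line) - m.end():
        return False, "declared length exceeds bytes received"
    return True, "packed"


if __name__ == "__main__":
    local_only = AuxPolicy(ip_match="127.0.0.1", raw_data=True)
    print(peer_allowed(local_only, "10.0.0.5"))   # constructed sample peer
    print(check_line(local_only, b"s100:"))       # header from the post
    print(check_line(AuxPolicy(), b"s100:"))
```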