Several convars are already bounded by server variables, if you mail me off list with other convars that need bounding we can investigate adding that.
- Alfred Wim Barelds wrote: > -- > [ Picked text/plain from multipart/alternative ] > So instead of fixing a problem, you're going to just hide from it? > Can't that exact same 'exploit' still be used to triiger "fps_max 2" > on > clients? > Can't that exact same exploit still trigger client commands? > > No it's not acceptable to check cvars and kick offenders, for one > because > people will change variables after changign the server, and checking > the > value > every few seconds is neither efficient, nor save, nor should it be > needed. > Players should not be required to know exactly which cvars we block, > sure > some of them have an exploit nature, but some are also blocked since > they > should have no place in competitive play. A player simply executing > his > config, or setting a competition blocked cvar to something else > should not > be kicked from the server. He should be prevented from changing said > cvar. > > zBlock specifically supported the "restrict_server_commands" > convariable as > quite simply it's only fair. zBlock however can not function > *properly*without > any abbility of preventive protection. > > As a final question, in previous emails you've stated that you would > also > provide > an interface that would not only allow plugins to query client > variables, > but also > to effectively restrict certain convariables to set values, which > would then > not be > saved into the config. While the need for this has been minor with the > abbility of > triggering client commands, it would certainly be something that's > going to > be > needed if VALVe indeed intends to keep the abbility to trigger client > commands > 'removed'. Assuming that it will indeed remain removed, are there any > plans > to > follow up on this instead (ofcourse preferably before this gets out of > beta)? > > On 4/27/07, Alfred Reynolds <[EMAIL PROTECTED]> wrote: >> >> The convar was removed as we had no effective way to otherwise >> protect it. Large numbers of servers were using exploits to set the >> value of this cvar without the users permission. >> >> If you write a plugin that runs client commands and you believe you >> have a command that won't let you exploit a users game process (i.e >> rebind keys, kills them, etc) then mail me (offlist) the details and >> we can talk about adding it to the allowed list. >> >> Zblock in particular can still function perfectly, they can use the >> API we specially added for them to query CVAR values and then kick >> users with cvars outside of their configuration ranges. >> >> - Alfred >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Dan E >> Sent: Friday, April 27, 2007 8:45 AM >> To: [email protected] >> Subject: RE: [hlds] RE: [hlds_linux] Source Engine Dedicated server >> beta (cl_restrict_server_commands) >> >> Yes, I commend Valve for getting betas out now instead of having >> things come out broken. I've already tried to help by letting >> Alfred know about some issues with the new release. I'm just >> curious as to what the missing cl_restrict... is about. >> >> Dan >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of NaughtyGeek >> Sent: Friday, April 27, 2007 11:24 AM >> To: [email protected] >> Subject: RE: [hlds] RE: [hlds_linux] Source Engine Dedicated server >> beta (cl_restrict_server_commands) >> >> I'm really going to have to disagree with you on this one. We all >> jumped up and down and said we needed betas before releases and here >> we are with a beta to test. Change is a necessary evil and most of >> the people here seem to have made assumptions with the information >> that was provided. The cl_restrict.... may have been removed, but >> Alfred has yet to reply to this list stating if it's been replaced, >> revised or otherwise. Everyone seems to be eager to jump down >> Valve's throat without acknowledging the fact that they are making >> an effort to work with us. Where's the big shout out to Valve from >> you guys that were spamming this list after every update you didn't >> get a beta for. We all know that updates will likely break things >> and it sucks to have to always find a new way to skin the same cat, >> but that's the way software works and most of you know that. >> >> Alfred, thanks from those of us who appreciate the steps you're >> making at trying to work with the community rather than against it. >> >> >> >> >> -------------- Original message ---------------------- >> From: "Keeper" <[EMAIL PROTECTED]> >>> Plugin makers work hard to make plugins that help server operators >>> as well as bring some new fun into the game for players without >>> having to redistribute a mod. Valve is falling over itself to keep >>> us from doing this. It's the community support and creativity that >>> keep a game alive, and they have never gotten this. >>> >>> I'll tell you this, when HL2DM dies for me, steam will disappear >>> from my computer for good. I will never buy another thing from them >>> again. Unless they change their outlook towards the existing >>> community and put some effort into supporting us. >>> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list >> archives, please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> > > > > -- > ___________________________ > Wim 'TheUnknownFactor' Barelds > [EMAIL PROTECTED] > -- > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
