This doesn't sound like too much of a potential security problem to me. If
the URL (et al) is stored and served up by the metaserver, then it would be
very simple to have the data be verified manually (by admins) when the
server is registered. Alternatively, I can't imagine it would be too much
work to verify the URL similar to the way many modern browsers check for
suspicious sites - lists and/or Google's PR. Also a notice/warning could be
tagged on saying that the user should be suspicious of any untrusted
sites/links since they're not hosted by TP. A combination of these 3 seems
most reasonable - automatic detection with manual override / approval, after
which the warning could be removed.

Or of course, we could only allow URLs to TP hosted info (limited to PDFs,
wiki, etc?). Which now that I think about it, may have been what you were
getting at ;P.

- Tyler

On 6/10/07, Sijmen Mulder <[EMAIL PROTECTED]> wrote:

Hi,

I wonder whether that would be a security risk. If a server could
just give any URL, one could set up a server with the sole purpose to
redirect users to a malicious website. Depending on what browser is
used, this could give some problems, or not?

On 10 Jun 2007, at 15:07, Jure Repinc wrote:

> Ahoy all
>
> While thinking a bit about rulesets this morning I got an idea for
> better support for ruleset information in TP protocol.
>
> Use case: A user opens the client and opens the list of servers that
> user can connect to. User sees different servers with different rulesets.
> Which one is the right one? User would like to see various information
> about rulesets: name, difficulty level, short description, story
> behind it, all rules with object descriptions and data...
>
> Suggestion: The protocol should enable sending the above
> information and the ruleset modules should be required to provide
> this information to server. Maybe the longer parts (story, rules,
> objects data) could be provided in the form of a URL pointing to
> location with the information. Clients could then open these URLs in
> external browser or using an integrated internal browser.
>
> What do you think about this? Is TP04 the right version to get this
> in? Should it wait for TP05?
>
> --
> JLP's Blog - http://jlp.holodeck1.com/blog/
> _______________________________________________
> tp-devel mailing list
> [email protected]
> http://www.thousandparsec.net/tp/mailman.php/listinfo/tp-devel

--
Sijmen Mulder
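
The checks discussed in this thread (limiting ruleset links to TP-hosted pages, and warning on anything else unless an admin has approved it), shown as an added example that is not part of the original messages or of Thousand Parsec's code. The function name, verdict labels, approved-host set and sample URLs are assumptions; the trusted domain is taken from the list URL quoted above.

```python
from urllib.parse import urlsplit

# Assumption: the project domain, taken from the mailing-list URL on this page.
TRUSTED_DOMAINS = ("thousandparsec.net",)
ALLOWED_SCHEMES = ("http", "https")

# Constructed sample URLs, as a server might advertise for its ruleset info.
SAMPLE_URLS = [
    "http://www.thousandparsec.net/tp/rulesets/example",   # TP-hosted
    "https://example.org/ruleset.html",                    # external host
    "http://thousandparsec.net.example.com/rules",         # lookalike suffix
    "http://www.thousandparsec.net@example.com/",          # userinfo trick
    "file:///etc/passwd",                                  # non-web scheme
]


def classify_ruleset_url(url, approved_hosts=frozenset()):
    """Return (verdict, reason); verdict is 'trusted', 'warn' or 'reject'.

    approved_hosts is a hypothetical set of external hosts that metaserver
    admins have checked by hand, so the warning can be dropped for them.
    """
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in url):
        return ("reject", "whitespace, control character or backslash")
    try:
        parts = urlsplit(url)
        host = parts.hostname
        parts.port  # raises ValueError when the port is not numeric
    except ValueError:
        return ("reject", "unparseable URL")
    if parts.scheme not in ALLOWED_SCHEMES:
        return ("reject", "scheme is not http(s)")
    if not host:
        return ("reject", "no host")
    if parts.username is not None or parts.password is not None:
        # "http://trusted@evil/" shows the trusted name but goes elsewhere.
        return ("reject", "userinfo in URL")
    host = host.rstrip(".")
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a bare suffix match is not enough.
        if host == domain or host.endswith("." + domain):
            return ("trusted", "hosted under " + domain)
    if host in approved_hosts:
        return ("trusted", "approved by metaserver admin")
    return ("warn", "external host " + host)


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", classify_ruleset_url(sample))
```

A client would open "trusted" links directly, show the untrusted-site notice for "warn", and refuse to open "reject".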

