Limit data stored on server
Kenkron opened this issue · 3 comments
Right now, there are a few ways a vicious client could send arbitrary amounts of data to the server. To fix this:
- Remove the register tile packet
- Limit the length of marker id strings
- Limit the number of markers that can be placed on an atlas (can be large, but must be finite)
- Have the server reject any tile packets that are not close to the player providing the tile information or have the server do the map scanning and report to clients.
Thanks to TehNut and pau101 for bringing attention to this, and providing an example exploit.
I believe everything in this issue was addressed as of 7ad9d7d.
Bullet four: client does not actually send tile data to server, so this problem was imaginary.
PROGRESS!
Marker strings and count limited in b73830d.
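A sketch of the marker-string and marker-count limits discussed in this issue, as an added example that is not the project's code. The choice of Java, the class and method names, the packet layout and the limit values are all assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Hypothetical server-side handler; names, packet layout and limits are assumptions.
public class MarkerLimits {
    static final int MAX_MARKER_ID_BYTES = 64;      // assumed cap on marker id length
    static final int MAX_MARKERS_PER_ATLAS = 1024;  // assumed cap: large but finite
    private final Map<Integer, List<String>> markersByAtlas = new HashMap<>();

    // Atlases are created by server logic only, never from a client-supplied id.
    public void registerAtlas(int atlasId) { markersByAtlas.putIfAbsent(atlasId, new ArrayList<>()); }

    // Assumed packet layout: int atlasId, unsigned short idLength, UTF-8 id bytes.
    // Returns true if the marker was stored, false if the packet was rejected.
    public boolean handleAddMarker(ByteBuffer packet) {
        if (packet.remaining() < Integer.BYTES + Short.BYTES) return false;
        int atlasId = packet.getInt();
        int idLength = packet.getShort() & 0xFFFF;
        // Check the declared length before allocating or decoding anything.
        if (idLength == 0 || idLength > MAX_MARKER_ID_BYTES) return false;
        if (idLength != packet.remaining()) return false; // truncated or padded packet
        List<String> markers = markersByAtlas.get(atlasId);
        // Unknown atlas or full atlas: reject without storing anything.
        if (markers == null || markers.size() >= MAX_MARKERS_PER_ATLAS) return false;
        byte[] raw = new byte[idLength];
        packet.get(raw);
        markers.add(new String(raw, StandardCharsets.UTF_8));
        return true;
    }

    // Builds a constructed sample packet in the assumed layout.
    static ByteBuffer build(int atlasId, String id) {
        byte[] raw = id.getBytes(StandardCharsets.UTF_8);
        ByteBuffer b = ByteBuffer.allocate(Integer.BYTES + Short.BYTES + raw.length);
        b.putInt(atlasId).putShort((short) raw.length).put(raw);
        b.flip();
        return b;
    }

    public static void main(String[] args) {
        MarkerLimits server = new MarkerLimits();
        server.registerAtlas(1);
        System.out.println(server.handleAddMarker(build(1, "village")));        // short marker id
        System.out.println(server.handleAddMarker(build(1, "x".repeat(5000)))); // oversized marker id
    }
}
```

The length check runs on the declared length before any buffer is allocated, so an oversized id costs the server nothing beyond reading the header.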