| 1 |
The short answer is yes but no.
|
1 |
The short answer is yes but no.
|
| 2 |
\n
|
2 |
\n
|
| 3 |
There is no [b]authorative[/b] way to determine if an opponent is running nondefault scripts without locking luaui which would defeat the purpose. Essentially whatever report you get from the client can be tampered with due to the nature of how widgets and luaui works. Sure you can make things report to you, but the report resides in client land which is user modifiable. LuaRules does not have means to access luaui information without crossing into luaui land. Anything in luaui is trivially reprogrammable.
|
3 |
There is no [b]authorative[/b] way to determine if an opponent is running nondefault scripts without locking luaui which would defeat the purpose. Essentially whatever report you get from the client can be tampered with due to the nature of how widgets and luaui works. Sure you can make things report to you, but the report resides in client land which is user modifiable. LuaRules does not have means to access luaui information without crossing into luaui land. Anything in luaui is trivially reprogrammable.
|
| 4 |
\n
|
4 |
\n
|
| 5 |
There's multiple ways to go about this:
|
5 |
There's multiple ways to go about this:
|
| 6 |
\n
|
6 |
\n
|
| 7 |
- Ofuscation of widget names, assuming a list of widgets is provided. All it takes is a malicious actor naming their widgets just spaces or some obscure/benign sounding name, or even replacing default code of some obscure widget that has limit use (say the widget that makes pings smoke).
|
7 |
- Ofuscation of widget names, assuming a list of widgets is provided. All it takes is a malicious actor naming their widgets just spaces or some obscure/benign sounding name, or even replacing default code of some obscure widget that has limit use (say the widget that makes pings smoke).
|
| 8 |
- Tampering with the report itself and always returning a default setup. There's no way to make the code server side (ie gadget) to see client side information.
|
8 |
- Tampering with the report itself and always returning a default setup. There's no way to make the code server side (ie gadget) to see client side information.
|
| 9 |
- starting widgets up via a handler widget using method one post check.
|
9 |
- starting widgets up via a handler widget using method one post check.
|
| 10 |
\n
|
10 |
\n
|
| 11 |
A
better
solution
would
be
to
just
lock
luaui
for
1v1s
and
call
it
a
day.
There's
even
a
moderation
for
it
already.
|
11 |
A
better
solution
would
be
to
just
lock
luaui
for
1v1s
and
call
it
a
day.
There's
even
a
modoption
for
it
already.
|
Information about script status