About SQL Injection Patching for Source

  1. #1
    Gregon13 OldSchoolGZ

    Since GunZ has loads of sections that can be injected, is it possible/a better idea to make a script that would be added to the source which has the sole purpose of handling all SQL-related queries, forcing them to run through a check or whatever? So, say you go to inject: before the query is run, the new script forces the query to be checked, and if it's doing more than what it is supposed to, it cancels the query.

    Sorry for the lack of punctuation; it's 1 am here atm and I'm just shooting off ideas to see others' opinions.


  2. #2
    Daemonsring Developer Gunblade

    Re: About SQL Injection Patching for Source

    Check how GunZ does its anti-SQL-injection function on room names and use that function on other user input strings before storing them in the DB.

  3. #3
    Fuck Army. sahar042

    Re: About SQL Injection Patching for Source

    SQL injection in game is not the only exploit. There are a lot more ways to exploit, like crashing the matchserver.
    For example, you can do it by "MAX_MD5LENGH".

  4. #4
    Gregon13 OldSchoolGZ

    Re: About SQL Injection Patching for Source

    @Gunblade
    Ok, I'll give it a look.

    @Sahar042
    So in other words, if I plan to actually fix anything, I should actually look through the files and not be lazy. Ok.
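
The single checkpoint asked about in the first post, combined with the second post's advice to run user input strings through one function before they reach the DB, could look like the sketch below. This is an added example, not GunZ source code: `PreparedCall`, `IsAcceptableInput`, `BuildCall`, the procedure name, the permitted character set and the length limit are all hypothetical. It assumes the statement text stays constant and the returned values are handed to the database driver's parameter binding rather than concatenated into the SQL.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical choke point: the statement text is a constant with '?' markers;
// user-supplied values travel separately and are bound by the database driver.
struct PreparedCall {
    std::string sql;                  // constant text, never holds user data
    std::vector<std::string> params;  // values to bind, in marker order
};

// Allow-list for one user-supplied string (room name, character name, ...).
// The permitted character set and length limit are assumptions for this sketch.
bool IsAcceptableInput(const std::string& s, std::size_t maxLen) {
    if (s.empty() || s.size() > maxLen) return false;  // bound the length first
    for (unsigned char c : s) {
        const bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                        (c >= '0' && c <= '9') || c == '_' || c == '-' || c == ' ';
        if (!ok) return false;  // quotes, semicolons, control bytes, etc.
    }
    return true;
}

// Every query goes through here. Returns false (query cancelled) when the
// marker count and value count differ or any value fails the allow-list.
bool BuildCall(const std::string& tmpl, const std::vector<std::string>& values,
               std::size_t maxLen, PreparedCall& out) {
    std::size_t markers = 0;
    for (char c : tmpl) if (c == '?') ++markers;
    if (markers != values.size()) return false;
    for (const std::string& v : values)
        if (!IsAcceptableInput(v, maxLen)) return false;
    out.sql = tmpl;
    out.params = values;
    return true;
}

int main() {
    PreparedCall call;
    // Constructed sample inputs; the procedure name is a placeholder.
    const std::string tmpl = "{CALL spExampleCreateRoom (?, ?)}";
    std::cout << BuildCall(tmpl, {"Player_01", "Room 5"}, 24, call) << "\n";
    std::cout << BuildCall(tmpl, {"Player_01", "x'; --"}, 24, call) << "\n";
    return 0;
}
```

The length bound is checked before anything else, so an oversized string is rejected at the same gate instead of being copied into a fixed-size buffer later.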


