Code contributions / Source control

Discuss everything about Xymph's Aseco flavoured server control scripts for TM Forever / classic TMN and for TM² Canyon.

Moderators: Xymph, TM-Patrol

Post Reply
sotn0r
cyclist
cyclist
Posts: 31
Joined: 04 Jan 2011 18:10
Owned TM-games: TMU, TMNF
Contact:

Code contributions / Source control

Post by sotn0r » 05 Feb 2015 23:52

Hi,

due to recent events, I would like to add some additional security measures to XASECO's masteradmin/admin/ops system.

So, how does one contribute to XASECO's source code? Any plans to maybe publish the code to Github or any other source control platforms, where one can submit changes for review?

Xymph
Pit Crew
Pit Crew
Posts: 5719
Joined: 19 Aug 2007 12:58
Owned TM-games: TMN, TMU, TMF, TM²
Contact:

Re: Code contributions / Source control

Post by Xymph » 06 Feb 2015 18:48

sotn0r wrote:due to recent events, I would like to add some additional security measures to XASECO's masteradmin/admin/ops system.
What events, which measures?
sotn0r wrote:So, how does one contribute to XASECO's source code? Any plans to maybe publish the code to Github or any other source control platforms, where one can submit changes for review?
Nope. You can post in this forum, as always.
Developer of XASECO for TMF/TMN ESWC & XASECO2 for TM²: see XAseco.org
Find your way around the Mania community from the TMN ESWC hub, TMF hub, TM² hub, and SM hub

sotn0r
cyclist
cyclist
Posts: 31
Joined: 04 Jan 2011 18:10
Owned TM-games: TMU, TMNF
Contact:

Re: Code contributions / Source control

Post by sotn0r » 06 Feb 2015 19:04

Xymph wrote: What events, which measures?
Someone managing to impersonate TMF accounts on some of the servers that I am hosting and with that gaining masteradmin abilities on XASECO, which allowed them to steal coppers, change the server name to some offensive phrases and all in all just piss people off.

The changes I want to suggest are e.g. being able to restrict masteradmins/admins/ops not only to a specific IP address but IP ranges, IPs with wildcards or specific countries using a geoip-db.

Also, i concern being able to read the masteradmin/admin/ops list from in-game as a security risk, which one should be able to switch off in the config files.
Xymph wrote: Nope. You can post in this forum, as always.
That's a pity. :(

Xymph
Pit Crew
Pit Crew
Posts: 5719
Joined: 19 Aug 2007 12:58
Owned TM-games: TMN, TMU, TMF, TM²
Contact:

Re: Code contributions / Source control

Post by Xymph » 06 Feb 2015 19:50

sotn0r wrote:Someone managing to impersonate TMF accounts on some of the servers that I am hosting and with that gaining masteradmin abilities on XASECO, which allowed them to steal coppers, change the server name to some offensive phrases and all in all just piss people off.
Please share any identifying info about the culprit(s) in PM, Slig and I are investigating Dedimania abuse which may (or may not) be related.
sotn0r wrote:The changes I want to suggest are e.g. being able to restrict masteradmins/admins/ops not only to a specific IP address but IP ranges, IPs with wildcards
That's already possible.
sotn0r wrote:or specific countries using a geoip-db.
That isn't.

However, there's also the access plugin - but that's for all logins, not specific ones.

Edit: And there's /admin banip.
sotn0r wrote:Also, i concern being able to read the masteradmin/admin/ops list from in-game as a security risk, which one should be able to switch off in the config files.
Once someone gains masteradmin access, all bets are off anyway. But disabling them is already possible too.

Read the entire docs sub-site before posting. :wink:
Developer of XASECO for TMF/TMN ESWC & XASECO2 for TM²: see XAseco.org
Find your way around the Mania community from the TMN ESWC hub, TMF hub, TM² hub, and SM hub

sotn0r
cyclist
cyclist
Posts: 31
Joined: 04 Jan 2011 18:10
Owned TM-games: TMU, TMNF
Contact:

Re: Code contributions / Source control

Post by sotn0r » 06 Feb 2015 20:05

Thanks for the information and sorry for not knowing all that. :)

My man concern was the thing about source control, which is also clarified.

I'll pm shortly.

TheBigG
smooth traffic navigator
smooth traffic navigator
Posts: 234
Joined: 16 Oct 2010 19:45
Owned TM-games: TMN! TMF
Location: Germany

Re: Code contributions / Source control

Post by TheBigG » 08 Feb 2015 09:55

sotn0r wrote:
Xymph wrote:to a specific IP address but IP ranges, IPs with wildcards or specific countries using a geoip-db.
useless, you can simply spoof your ip by setting "force server addr" to everything you want

sotn0r
cyclist
cyclist
Posts: 31
Joined: 04 Jan 2011 18:10
Owned TM-games: TMU, TMNF
Contact:

Re: Code contributions / Source control

Post by sotn0r » 08 Feb 2015 19:42

:shock: shockingly, thats true. Thx for the hint.

Post Reply