Halloween items are gone and poppies are now online, if you don't know why then check on Google. Next on my list of things to do before the attack system rebuild is the terms of service rewrite, some rules need to be put in place to cover the chaos which is currently the flame forum for a start. Other rules will be clarified, removed and rewritten.
The upcoming LegCon will have no predefined topic, but I do have a few issues I wish to raise. Some regarding staff, Legacy Affairs and a couple of possibly controversial suggestions. The main one being the possibility of opening all the special outfit items we have for Christmas / Halloween / etc, up for individual purchase. I know quite a few people want some of the items permanently, not sure how players or the graphics staff who put all the work into making the events special would react to the idea.
Also more information on my upcoming plans and projects, everything will be logged if you can't make it so check that after!
All these error messages suck, I'm going to tone back the CSRF protection a bit to fix them. Right now the key changes constantly as you cycle through pages, this seems a little overkill for the problem. As long as you don't go entering the "key=value" from your URL into any other sites it should be pretty secure with a more static key. I think I'll try just changing it on logins for now, then see if I can write an exploit that will get around it.
I'll be waiting a few days before releasing the source code for the exploit, sorry for the inconvenience of all these error messages. They will be fixed shortly.
If you're wondering where I've been recently in terms of updates, that will all become apparent tomorrow as my 100+ script update syncs over from the development server. Sadly none of these updates are interesting, just a mass security update for CSRF exploits. In the end the original idea of monitoring what scripts people came from fell through as it could be bypassed with the clever use of frames and javascript.
Instead this update will use unique tokens generated on scripts that are about to do something, then passed to the scripts that actually perform the action and checked. This change will mean that you cannot use the back button and then perform most actions. I'll be monitoring how much of an impact this has on players and how often this error occurs over the coming days.
This security fix has required me to manually edit pretty much every script in the game that performs any action. It was very boring, involved thousands of lines of copying and pasting but now it is done. As a result image tags will be re-enabled on forums after this update goes live, I'll also be posting proof of concept code of this exploit to anyone interested or worried that it may affect other sites.
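The two token schemes described in these posts (a key that changes on every page, and the later plan to change it only at login), sketched side by side as an added example; this is not the game's own code, and the `Session` class, function names and in-memory storage are assumptions made for illustration.

```python
import hmac
import secrets


class Session:
    """Constructed in-memory session; the game's real storage is not shown on the page."""

    def __init__(self):
        self.key = None

    def login(self):
        # A fresh unpredictable key is always issued at login.
        self.key = secrets.token_urlsafe(32)


def render_page_rotating(session):
    """Per-page scheme: every rendered page replaces the key embedded in its links."""
    session.key = secrets.token_urlsafe(32)
    return session.key


def render_page_static(session):
    """Per-login scheme: pages embed the key issued at login, unchanged."""
    return session.key


def perform_action(session, submitted):
    """Action script: refuse unless the submitted key matches the session's key."""
    if not session.key or not submitted:
        return False
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(session.key.encode(), submitted.encode())


def back_button_scenario(render):
    """Load page A, then page B, then submit from B, from A (back button), and with no key."""
    session = Session()
    session.login()
    key_on_page_a = render(session)
    key_on_page_b = render(session)
    return {
        "submit_current": perform_action(session, key_on_page_b),
        "submit_after_back": perform_action(session, key_on_page_a),
        "cross_site_no_key": perform_action(session, None),
    }


if __name__ == "__main__":
    print("rotating:", back_button_scenario(render_page_rotating))
    print("static:  ", back_button_scenario(render_page_static))
```

With the per-login key the back button works again, but the same value stays valid for the whole session, so a key carried in a URL has longer to leak.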
Friday 12th November at 5pm server time I will be hosting the 3rd LegCon. There will be a few Staff there (usually myself, Zorg and Pie) and maybe one from each department. This LegCon we haven't specified an agenda and would like all gangs to target their main issues. I would say it's an hour long but these events sometimes peak at 2-3 hours. If we have some time after it I suppose we can have a small Q&A session.
If you're interested in being a rep for your gang or would like to raise a point you will find a thread in your Member Forums.
Links:
o LegCon Page
o LegCon Log #2
o LegCon Log #1
If you have any questions just post in one of the threads or mail me! On another note I hope you enjoyed the Halloween Event, I would like to thank faelust, bcfcespley and DMaster from my team for helping me set it up and stuff! I'm not sure when the next one will be but it won't be far off. Also I know DMaster is thinking of doing an AH in the next few weeks so keep your eye out for that.
