SphereServer BugTracker - SphereServer
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002406SphereServerexecutable - genericpublic23-09-14 20:2323-09-14 20:23
ReporterCoruja 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Nightly VersionAutomated (specify build number)
Experimental FlagsNone
Option FlagsNone
Internal Build Number
Summary0002406: [MAJOR] Security problems on AOS House Customization engine
DescriptionI found 2 security problems on AOS House Customization engine. Both occours when I use COMMIT on the customization menu

1) All doors used on the customization menun will be created using using type t_door by default, and not t_door_locked. This can leak serious security issues with ppl being able to enter on all custom houses without any access/key because the door is not locked

------------------------------------

2) When commit a new design, all doors/teleports already placed on previous house design will be removed and replaced with new created items. This will make the item reset properties like uid/type/events/tags, which means: lose all security settings.

Example: I got a metal front door on position 10,10 (X,Y) with TAG.Access=2 to allow only friends use this door. Later I enter on menu to create some random walls without touch on this door, but when I press commit, this door will be removed and replaced with a new one which will be created with empty tags/events/etc. So the door will change the UID and will lose all security setting

I think the best way to fix this is prevent sphere replace the door/teleport with a new one on COMMIT if the same door/teleport is already created on the same position
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
23-09-14 20:23CorujaNew Issue

There are no notes attached to this issue.