| Description | I found 2 security problems on AOS House Customization engine. Both occours when I use COMMIT on the customization menu
1) All doors used on the customization menun will be created using using type t_door by default, and not t_door_locked. This can leak serious security issues with ppl being able to enter on all custom houses without any access/key because the door is not locked
------------------------------------
2) When commit a new design, all doors/teleports already placed on previous house design will be removed and replaced with new created items. This will make the item reset properties like uid/type/events/tags, which means: lose all security settings.
Example: I got a metal front door on position 10,10 (X,Y) with TAG.Access=2 to allow only friends use this door. Later I enter on menu to create some random walls without touch on this door, but when I press commit, this door will be removed and replaced with a new one which will be created with empty tags/events/etc. So the door will change the UID and will lose all security setting
I think the best way to fix this is prevent sphere replace the door/teleport with a new one on COMMIT if the same door/teleport is already created on the same position |
Relationships 
Relationships 