It's implemented in the back-end on my server, the plugin doesn't communicate directly with my databases, don't worry about that, every input is checked correctly. And I wanted to create a service for server owners, for which the code is only meant to work with. And I do know that plugins are capable of a lot of things, but for myself I see of no reason why to abuse that, as much as the word of a stranger can be accounted for.
And if you were to sniff the traffic, you'd see a connection to a loadbalancer that would give you the address of one of my other hosts, a connection to the new host that begins with authentication, and then raw binary data, which are the demos. On Wed, Jul 20, 2016 at 3:08 PM, Robin Groppe <[email protected]> wrote: > Hm, from my point of view thats the wrong way. > Never trust a client. The security should be implemented in your server > application not the plugin itself. > Personaly I am a great fan of open source and I dont see any reason for > this plugin to be proprietary. > And apart from that i wouldnt use any plugin i can not read the code from > on one of my servers. > Plus it may be a security issue to have sensitive data in the plugin. What > if you have not thought about a certain situation? What will I see when I > sniff the traffic? > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
