This isn't necessarily true. A malicious server could open a webpage in the
client's Steam overlay browser that's hosted on their own website and uses
JavaScript to POST something to steamcommunity.com, like a Steam group join
request.



Doctor McKay
http://www.doctormckay.com
mc...@doctormckay.com


On Sat, Mar 30, 2013 at 8:01 PM, Netshroud <netshr...@gmail.com> wrote:

> If Steam Community would use GET and POST appropriately, then your concern
> would be a non-issue. A GET request shouldn't make any changes.
>
> On 31/03/2013, at 8:33 AM, 1nsane <1nsane...@gmail.com> wrote:
>
> Could lead to even worse abuse.
>
> Steam overlay is logged in to Steam. It's been like this forever, there are
> things that rely on it staying that way.
>
> Since it is logged into Steam it would allow malicious servers to do things
> automatically on their Steam accounts. Starting with putting you in a Steam
> community group as soon as you join a server without your consent, to using
> exploits and doing much worse things like, say, forcing you to leave groups
> you are an admin of or changing your settings.
>
> Ages ago when Steam used IE I reported an exploit able to do these things
> and Valve fixed it.
>
>
> On Sat, Mar 30, 2013 at 5:15 PM, Cameron Munroe <cmun...@cameronmunroe.com> wrote:
>
>> I thought I might just put my 2 cents in, so please don't shoot me.
>>
>>
>> Here is the text I received over chat:
>>
>>
>> This info was taken from a discussion on IRC between SourceMod's Asher
>> Baker (Asherkin) and Valve's Tony Paloma (Drunken_F00l). Asherkin posted it
>> in a discussion then deleted it, but not before someone quoted it.
>> And just to make sure it doesn't get lost, I'm also going to quote it
>> here too.
>> <Drunken_F00l> so i think we're gonna nuke the info panel
>> <Drunken_F00l> or at least the ability to send it at arbitrary times
>> <@asherkin> :|
>> <@asherkin> why?
>> <Drunken_F00l> because pinion
>> <Drunken_F00l> or more like server ops abusing pinion
>> <@asherkin> thus killing things that have existed forever, like using it
>> to view stats or to listen to streaming radio
>> <Drunken_F00l> it sucks that it might break plugins or game modes using
>> it for legit reasons though
>> <Drunken_F00l> ya
>>
>>
>> In any case I think they will only stop the MOTD after initial connect,
>> thus blocking any abuse by server owners. However I would rather, after
>> initial connect, have links opened by the Steam overlay browser. This
>> would first fix the issue of Pinion spamming as the player could quickly
>> exit out and continue playing their game, not to mention this harms the
>> said owner that is spamming the Ad during normal game play because of the
>> required completions, and not being able to hold the session for 30
>> seconds. It would also be nicer because you could use this as a simple way
>> to open radio programs and such, and in new tabs. Thus no longer will radio
>> be quit out once you type !bp. It could also have the added functionality
>> of going to a common tab for similar links so if you already had radio
>> open, and you open radio again you won't be spammed by two radios playing.
>>
>>
>> Just some thoughts.
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
>>
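
Added example (not part of the original thread): the cross-site POST described in the top message succeeds when a site trusts the session cookie alone, because the logged-in overlay browser sends that cookie automatically. A server-side check of the kind below rejects it; `community.example`, `motd.example`, the key and all function names are constructed for the illustration and are not Steam's.

```python
import hashlib
import hmac

# Constructed values for the example; not real Steam endpoints or secrets.
SITE_ORIGIN = "https://community.example"
SERVER_KEY = b"constructed-demo-key"


def issue_token(session_id: str) -> str:
    """Token bound to the session; embedded only in pages the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def allow_state_change(method, headers, session_id, form):
    """Return (allowed, reason) for a request that would modify the account."""
    if method != "POST":
        return False, "state changes must not be reachable via GET"
    # Current browsers attach Origin to cross-site POSTs, and page script cannot set it.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "cross-site origin"
    # The session cookie is sent automatically, so it proves nothing about intent.
    # The token is different: a foreign page cannot read it out of the site's own pages.
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid token"
    return True, "ok"


# Constructed requests: the victim's session cookie is present in every case.
SESSION = "sess-1234"
REQUESTS = {
    "get_join": ("GET", {}, {"action": "join"}),
    "foreign_post": ("POST", {"Origin": "https://motd.example"}, {"action": "join"}),
    "no_origin_no_token": ("POST", {}, {"action": "join"}),
    "legit_post": ("POST", {"Origin": SITE_ORIGIN},
                   {"action": "join", "csrf_token": issue_token(SESSION)}),
}


def evaluate_all():
    """Run every constructed request through the check and collect the verdicts."""
    return {name: allow_state_change(m, h, SESSION, f)
            for name, (m, h, f) in REQUESTS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(name, verdict)
```

Only `legit_post` passes: using POST for state changes is necessary, but the token check is what stops a request that arrives without an Origin header.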