Disable client auth checks #8492

Open
wants to merge 1 commit into
base: master

SirRichardFrancis
Contributor

About The Pull Request

Basically a mirror of tgstation/tgstation#83435

Why It's Good For The Game

BYOND hub experienced technical issues recently, and players were unable to join due to that.
This change should prevent hub issues from affecting Eris.

Testing

Not possible to test currently (the hub is back online), but this compiles and runs fine.

Changelog

🆑
server: Disabled BYOND hub-based authentication.
/:cl:

@MLGTASTICa
Contributor

I feel like this is a double-edged knife scenario: yes, this will allow a bunch of people to connect when BYOND is having issues, but this also permits the people collecting hardware IDs and IPs (using fake servers) to join under the ACTUAL name of someone who joined any of their servers. (So if an admin joins a fake Eris and has his hardware ID, IP and certificate duplicated, someone could fake his ckey without authorization from BYOND hub with just his certificate.) I suggest making this a setting that is on by default and that can be configured to be off perhaps.

@SirRichardFrancis
Contributor Author

While there might be some security implications, I wouldn't go as far as to state theoretically possible issues as facts.

For you see, when spoofing happened in SS13 in the past, it was due to hub's own vulnerabilities, and no amount of mandatory hub verification helped.

That said, I'm not a cybersecurity guy, and this is not something I personally test. Then again, neither do you.
I'd say we do what TG does.
If they end up accepting the change, then it's probably kosher ¯\_(ツ)_/¯

@MLGTASTICa
Contributor

MLGTASTICa commented May 25, 2024

> While there might be some security implications, I wouldn't go as far as to state theoretically possible issues as facts.
>
> For you see, when spoofing happened in SS13 in the past, it was due to hub's own vulnerabilities, and no amount of mandatory hub verification helped.
>
> That said, I'm not a cybersecurity guy, and this is not something I personally test. Then again, neither do you. I'd say we do what TG does. If they end up accepting the change, then it's probably kosher ¯\_(ツ)_/¯

Even TG mentions they don't know how secure the authentication checks are, and the reason that they are doing it is because they force admins to log in through a website on top to get access to admin powers.
