I would recommend a positive list for commands for use
with execclient() rather than the blacklist used now.
Admins can destroy configurations in a way we cannot
think of at the moment and there are only a few
commands, which are really helpful.
Restrictions are quite good so far, but a positive list
can improve it a lot.
Logged In: YES
user_id=169860
Been there, done that, got the T-shirt.
Admin Mod used to have a positive list before switching to a
negative list. Have you been around during that discussion?
Considering its arguments, do you think that the situation
has changed enough to warrant switching back to a positive
list again?
Logged In: YES
user_id=670048
No, I haven't been. Just checked the team list.
Actually, I haven't seen any pros or cons listed there. The
only thing I found was you asking whether all agree on changing
to the blacklist.
If I understand it correctly, it had something to do with
yensid's ogc detection plugin which isn't used anymore. I
see no other reason for having a blacklist.
Actually, I want to get rid of those guys using plugins like
plugin_slowhack. They ruin not only the configuration of
cheaters but also those they don't like. Admin Mod tries to
protect the clients more than any other metamod plugin and
it would be a good idea to make a positive list. We can
easily track the good commands by making a scan through the
existing plugins.
Logged In: YES
user_id=169860
No, Yensid's anti-cheat had nothing to do with it, at least
not as far as I remember. We switched from a whitelist to a
blacklist because the whitelist proved to be a support
nightmare.
This has to do with the philosophy behind Admin Mod's
command restriction. On one hand we do not want to allow
plugin authors and users to cause damage or data loss or
damage to a game client. On the other hand we do not want to
overly restrict plugin authors in their possibilities.
When the whitelist was in place we had many requests to use
this and that and the other command. For each command
whitelisted we had to update Admin Mod. From past experience
I would disagree that there are only a few commands that are
really helpful, but would say that there are only a few
commands that are really dangerous (most have been 'defused'
by Valve by now, even). It is far more common that someone
finds a good use for a command than someone finding a real
exploitable use for a command.
That is why we switched to a blacklist. This cut down on
maintenance costs considerably since far fewer commands were
requested to be restricted, compared to many requests to put
commands on the whitelist.
Each command requested was discussed whether to blacklist
it, where we would usually aim for safety but err on the
side of annoyance in favour of good use for a command.
Another problem with a whitelist is that ways can be found
around command restrictions. The more hindrance the
restriction is for people who intend to put commands to good
use the more energy will be put into finding those ways
around them. That will eventually render the restriction
system useless and cause more maintenance costs. I believe
that using a blacklist (which is not overly restrictive, of
course, but focuses only on the necessary cases; otherwise
you'd have the same effect) doesn't elicit the same
energetic search to defeat it.
Judging from the past I would still rather stay with the
current blacklist system and suggest discussing the addition
of specific commands that you feel need to be
blacklisted, instead of switching to a whitelist again.
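
Added example, not part of the thread and not Admin Mod's code: a minimal command filter that applies either policy discussed above to a command string and checks every ';'-separated sub-command, not only the first. The function name and both lists are constructed for illustration and are not Admin Mod's real lists.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed lists for illustration only (lowercase entries). */
static const char *const DENY[]  = { "unbindall", "bind", "quit", NULL };
static const char *const ALLOW[] = { "say", "speak", "name", NULL };

enum policy { POLICY_DENYLIST, POLICY_ALLOWLIST };

/* Case-insensitive match of name[0..len) against a NULL-terminated list. */
static int in_list(const char *const *list, const char *name, size_t len)
{
    for (; *list; list++) {
        size_t i = 0;
        if (strlen(*list) != len) continue;
        while (i < len && tolower((unsigned char)name[i]) == (*list)[i]) i++;
        if (i == len) return 1;
    }
    return 0;
}

/* Returns 1 only if every sub-command passes the policy; empty input fails.
 * A ';' inside quotes is also treated as a separator, which errs on the
 * side of rejecting the command string. */
int command_permitted(const char *cmdline, enum policy p)
{
    const char *s = cmdline;
    int seen = 0;
    while (*s) {
        while (*s == ';' || isspace((unsigned char)*s)) s++;
        if (!*s) break;
        const char *start = s;               /* first token = command name */
        while (*s && *s != ';' && !isspace((unsigned char)*s)) s++;
        size_t len = (size_t)(s - start);
        seen = 1;
        if (p == POLICY_DENYLIST && in_list(DENY, start, len)) return 0;
        if (p == POLICY_ALLOWLIST && !in_list(ALLOW, start, len)) return 0;
        while (*s && *s != ';' && *s != '\n') s++;   /* skip arguments */
    }
    return seen;
}

int main(void)
{
    /* Exit status 0: the chained denied command is caught. */
    return command_permitted("say hi; unbindall", POLICY_DENYLIST);
}
```

A command that appears on neither list, such as `volume 0.5`, passes the deny-list policy and fails the allow-list policy, which is the maintenance trade-off the last reply describes.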