Closed Toxici11i closed 6 years ago
I've done some digging and it seems that you can send a transaction to the server and claim for it to be accepted by the recipient, so the server sends it through and the client accepts it blindly.
@thomotron I have found the same thing. In fact, your "Consent" is just a simple packet that can be sent by -anyone-. By initiating the starting trade that he does, he grabs your id, and then proceeds to send a packet (I have to find its name; if you ask, I'll tell you) that contains your id and the necessary data to force it through. Phi has very little server security, as I'm running my own modified client as it stands.
Damn, it looks like I indeed didn't check if the packet comes from the right person when receiving it.
I have to admit that this mod was not supposed to be more than just a proof-of-concept, thus why I didn't put an emphasis on security. I'll make the fix right now.
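
The missing check discussed above, as an added example that is not part of the thread or of the Phi code base. All class, method and packet field names are hypothetical; the point is that the server takes the consenting user from the authenticated connection and compares it with the recipient it recorded when the trade was opened, ignoring any id carried inside the packet.

```python
import itertools
from dataclasses import dataclass


@dataclass
class Transaction:
    tx_id: int
    sender: str
    recipient: str
    state: str = "pending"  # pending -> accepted | declined


class TradeServer:
    """Hypothetical relay server that tracks trades awaiting consent."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.transactions = {}

    def open_transaction(self, session_user, recipient):
        # The sender is the authenticated session, never a packet field.
        tx = Transaction(next(self._ids), session_user, recipient)
        self.transactions[tx.tx_id] = tx
        return tx.tx_id

    def handle_consent(self, session_user, packet):
        """Apply a consent packet; return True only if it was accepted."""
        tx_id = packet.get("tx_id")
        if not isinstance(tx_id, int):
            return False  # malformed packet
        tx = self.transactions.get(tx_id)
        if tx is None or tx.state != "pending":
            return False  # unknown or already resolved (replayed) consent
        # packet["user_id"] is deliberately ignored: it is client-supplied.
        if session_user != tx.recipient:
            return False  # only the recorded recipient may consent
        tx.state = "accepted" if packet.get("accepted") is True else "declined"
        return True


def demo():
    """Constructed scenario: alice opens a trade with bob, then forges consent."""
    server = TradeServer()
    tx_id = server.open_transaction("alice", "bob")
    forged = {"tx_id": tx_id, "user_id": "bob", "accepted": True}
    genuine = {"tx_id": tx_id, "accepted": True}
    return [
        server.handle_consent("alice", forged),   # wrong session: rejected
        server.handle_consent("bob", genuine),    # recipient's session: applied
        server.handle_consent("bob", genuine),    # replay: rejected
    ]
```
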
Just had a guy figure out how to crash people on the main server through spamming phi.sendcolonist() and phi.senditem() by querying so many tabs that the game integer overflows/just nopes due to some inbuilt limit and either crashes, or removes your GUI and pauses your game until reload of save.