opencj-dev / server-gsc

OpenCJ serverside GSC files
GNU Affero General Public License v3.0

Prevent unreleased maps from being downloaded #203

Open fnkcj opened 2 years ago

fnkcj commented 2 years ago

To my knowledge, most servers have their usermaps set up in a way where every map in the server (released and unreleased) is in the same folder. So you can actually download any map in that usermaps folder by just changing the path to the desired map. This is a huge problem because people can easily see what map is being tested on a private server, for example, and then just use the download link and point the path to that map and then download it. Random people can and have exploited this to get access to maps they should not have had access to.

Is there some way to split the usermaps into two folders, or have some other way to set "released" and "unreleased" maps to prevent this? We have the full list of all "released" maps, so perhaps something like: if the mapname doesn't match anything on that list, then prevent download? The only time to allow downloading unreleased maps is when you are connecting to a private server that is currently playing an unreleased map.

iznogod commented 2 years ago

https://stackoverflow.com/questions/2882472/php-send-file-to-user
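
Added example, not part of the thread or of the OpenCJ code base: a PHP download gate that combines the released-maps allowlist proposed above with the send-file approach from the linked answer. The paths, the `map`/`file` request parameters, the `.iwd`/`.ff` extension filter and the shared-key exception for a private server are assumptions.

```php
<?php
declare(strict_types=1);
// Assumed layout: <usermaps>/<mapname>/<file>, e.g. usermaps/mp_example/mp_example.iwd
const USERMAPS_DIR = '/srv/cod/usermaps';            // hypothetical path
const RELEASED_LIST = '/srv/cod/released_maps.txt';  // hypothetical, one map name per line

// Returns the absolute path to serve, or null when the request must be refused.
// $privateMap/$privateKey: the unreleased map a private server is running and the
// secret it gives its own clients (hypothetical mechanism, not from the issue).
function resolve_map_download(string $map, string $file, array $released, string $baseDir,
    ?string $privateMap = null, string $privateKey = '', string $givenKey = ''): ?string
{
    // Strict names only, so slashes, "..", and NUL bytes never reach the filesystem.
    if (!preg_match('/^[a-z0-9_]{1,64}$/D', $map)) return null;
    if (!preg_match('/^[a-z0-9_]{1,64}\.(iwd|ff)$/D', $file)) return null;

    $isReleased = in_array($map, $released, true);
    $isPrivate = $privateMap !== null && $privateKey !== '' && $map === $privateMap
        && hash_equals($privateKey, $givenKey);
    if (!$isReleased && !$isPrivate) return null;

    // Resolve symlinks and confirm the result is still inside the usermaps folder.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $map . '/' . $file);
    if ($base === false || $path === false) return null;
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) return null;
    return is_file($path) ? $path : null;
}

if (PHP_SAPI !== 'cli') {
    // Web entry point; assumes download URLs are rewritten to ?map=...&file=...
    $released = is_readable(RELEASED_LIST)
        ? file(RELEASED_LIST, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    $path = resolve_map_download((string)($_GET['map'] ?? ''),
        (string)($_GET['file'] ?? ''), $released, USERMAPS_DIR);
    if ($path === null) { http_response_code(404); exit; }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    readfile($path);
} else {
    // Constructed demo data: one released and one unreleased map in a temp folder.
    $dir = sys_get_temp_dir() . '/usermaps_demo_' . getmypid();
    foreach (['mp_released', 'mp_secret'] as $m) {
        mkdir("$dir/$m", 0700, true);
        touch("$dir/$m/$m.iwd");
    }
    var_dump(resolve_map_download('mp_released', 'mp_released.iwd', ['mp_released'], $dir));
    var_dump(resolve_map_download('mp_secret', 'mp_secret.iwd', ['mp_released'], $dir));
    var_dump(resolve_map_download('mp_secret', 'mp_secret.iwd', ['mp_released'], $dir, 'mp_secret', 'k3y', 'k3y'));
}
```

The gate only helps if the web server no longer exposes the usermaps folder directly, so every download has to pass through the script.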