Protect IOS from data leakage

[kaetemi]

The IOS stores static strings in a cache, the client can request these by numeric value. The numeric values are sequential, which is handy for fast lookups on the server.

However, it's possible to abuse this mechanism to download all serverside static strings. This leaks private guild MOTD, and may spoil leveldesign texts.

Two proposed solutions:

• Use a hashed transformation on the ID. Less predictable, but can still be figured out after enough data points.
• Randomly skip identifiers, and instantly permaban any account that attempts to request invalid identifiers. This effectively blocks attempts at brute forcing all the identifiers. It does cause a larger identifier space to be used. Easy to implement.

[mlcdev]

Randomly skip identifiers, and instantly permaban any account that attempts to request invalid identifiers.

Bug in client could lead to request and mass ban of innocent players.

[kaetemi]

Hahaha. "bug" ;)