We have detected that cookies are not enabled on your browser. Please enable cookies to ensure the proper experience.
Results 1 to 6 of 6
  1. #1
    Join Date
    Dec 2010
    Posts
    8

    Sockets or Pipes.. I need to know

    I'm looking into creating an application that will sync up to my web server, and broadcast things people are looking for and buying.. and can pair people based on Server and want and need.. Thus eliminating long trips to the AH for no reason, if infact there isn't a supply of te item you are looking for.. just a simple..

    Looking For/selling: [ ] (you start typing it'll check a database of items against what you're typing and return relevant choices, then you can either keep typing or select the item from the list..
    List of current offers.. E.G. BUYING and SELLING
    ______________________________ ________________
    | ITEM | TYPE |
    -----------------------------------------------------------------
    | Fire Oil | BUYING |
    | Torn Sword Sheaths | SELLING |
    -----------------------------------------------------------------

    then when the server gets a pair of "buying" and "selling" from 2 seperate players.. it will then echo some information into the chat box stating A MATCH HAS BEEN FOUND FOR: xxxxx, and sound will chime, you will get a dialog showing information about this user, including online status (assuming thats also a possability) if not it will keep a record..

    Once you buy or sell something from the list of what you need or want sold.. you will be obligated to remove that item from the list..

    I may even create an IM system type interface .... but sockets are a must for this application.. or a pipe to a DLL or application... would be fine.. thanks

  2. #2
    Join Date
    Dec 2007
    Location
    Seattle, WA
    Posts
    7,600

    Re: Sockets or Pipes.. I need to know

    Lua has zero interactions with the chatbox (aside from posting stuff to standard) in the current implementation right now.

    Soo.... what part of this is Lua based, and what part's the helper program?
    Maley Oakensage, Captain of Elendilmir

    Alas Elendilmir, may you *jingle jangle* forever in the Forgotten West

  3. #3
    Join Date
    Apr 2007
    Posts
    390

    Re: Sockets or Pipes.. I need to know

    I see no way using the current LUA interface that this is possible. This is exactly why turbine is being very careful about what they are allowing LUA to access. You can't get Auction Hall items, and even if you could, there is no way to link LUA to any external process.

    The answer to your question of Sockets or Pipes is NEITHER. LUA is the answer.
    "Shepherds of the Forest" -- RIP

  4. #4
    Join Date
    Dec 2010
    Posts
    8

    Re: Sockets or Pipes.. I need to know

    Quote Originally Posted by NuclearTonic View Post
    I see no way using the current LUA interface that this is possible. This is exactly why turbine is being very careful about what they are allowing LUA to access. You can't get Auction Hall items, and even if you could, there is no way to link LUA to any external process.

    The answer to your question of Sockets or Pipes is NEITHER. LUA is the answer.
    What? It wouldn't be hard to include a cross-domain policy type feature....

    To protect both the client and the external source... furthermore, if you allow access to external servers via a socket, what can you do? if you just deny access to the hard drive (which to my understanding, there is access to the filesystem... so discussion about 'security' is irrelevant...) then there wouldn't be an issue of if it were safe or not, because a socket isn't an http request its a tcp or udp request, which means its raw data handled the way you handle it, if you can't save the requested information to the hard drive, and run said information, then it isn't a security risk at all..

    I suggest the addition of sockets to the plugin api

  5. #5

    Re: Sockets or Pipes.. I need to know

    Quote Originally Posted by RussellReal View Post
    if you just deny access to the hard drive (which to my understanding, there is access to the filesystem... so discussion about 'security' is irrelevant...) then there wouldn't be an issue of if it were safe or not, because a socket isn't an http request its a tcp or udp request, which means its raw data handled the way you handle it, if you can't save the requested information to the hard drive, and run said information, then it isn't a security risk at all..

    I suggest the addition of sockets to the plugin api
    Access to the hard drive is not the security risk. I do not need access to your hard disk. What I need is memory access and access to TCP or UDP. If I have memory and internet access, I can steal information from you and send the stolen information anywhere in the world.

    As a reminder an http request is implemented via the TCP protocol. If I have access to TCP, I can do anything that http can. Since I am a plugin, I inherit the rights of the program that I am attached to. If the client can write to the disk, so can I.

    By allowing TCP and UDP access and the ability to process these packets, you are giving plugin authors the keys to your PC. People that steal your information via browser issues are sending TCP and UDP packets to your browsers that the browser software can not handle. These hackers have access to one half of the key. They depend on Microsoft making a coding error in the browser. It would so much easier if a hacker could send the packets and process the packets any way they want because you let them install a small program (called a plugin).
    Last edited by Yula_the_Mighty; Jan 30 2011 at 10:39 AM.
    Unless stated otherwise, all content in this post is My Personal Opinion.

  6. #6

    Re: Sockets or Pipes.. I need to know

    Quote Originally Posted by Yula_the_Mighty View Post
    Access to the hard drive is not the security risk. I do not need access to your hard disk. What I need is memory access and access to TCP or UDP. If I have memory and internet access, I can steal information from you and send the stolen information anywhere in the world.

    As a reminder an http request is implemented via the TCP protocol. If I have access to TCP, I can do anything that http can. Since I am a plugin, I inherit the rights of the program that I am attached to. If the client can write to the disk, so can I.

    By allowing TCP and UDP access and the ability to process these packets, you are giving plugin authors the keys to your PC. People that steal your information via browser issues are sending TCP and UDP packets to your browsers that the browser software can not handle. These hackers have access to one half of the key. They depend on Microsoft making a coding error in the browser. It would so much easier if a hacker could send the packets and process the packets any way they want because you let them install a small program (called a plugin).
    Enough with the fear-mongering already. A Lua plugin would only be able to access the data the API allows it to - it's only access to the hard drive is through PluginData, and it cannot access any memory outside of its own variables/tables. Any form of communication implemented in Lua - most likely some form of httpRequest class, would only be able to send what it can access. Likewise, any server that it connects to, would only be able to read the data that was sent to it.

    What you say would be possible if we were talking about an external application that resides in the same "sandbox" (i.e. Windows) as LotRO, but the only security related concern involving some form of httpRequest class within Lua itself, is the possibility that a plugin may send information that the user may not want it to. Like for instance, sending quantities and names of all the items in their bags. The catch here is that other players may want this kind of feature, as it would presumably allow them to check out what their alts have while not in the game. So it would really boil down to how much respect the developer has for players, by making such a feature optional (and presumably disabled by default).
    [CENTER][IMG]http://i.imgur.com/wK9A7aa.png[/IMG]

    [SIZE=1][B][COLOR=white]75[/COLOR][/B] Fourohfour | [B][COLOR=white]75[/COLOR][/B] Artemedis | [COLOR=Blue][B]60[/B][/COLOR] Whiskeytango Foxtrot | [B][COLOR=#00ca00]50[/COLOR][/B] Mistah Boombastic | [B][COLOR=#00ca00]56[/COLOR][/B] Appetizer | [B][COLOR=#a7a7a7]25[/COLOR][/B] Aggromi | [B][COLOR=blue]61[/COLOR][/B] Onepointtwentyone Gigawatts [/SIZE] [/CENTER]

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

This form's session has expired. You need to reload the page.

Reload