User talk:Major Zeman
From WolfWiki
Just a quick note: the cl_guid in userinfo is pretty easy to spoof. -ReyalP 15:18, 20 April 2007 (PDT)
- - Is that the etpro one or the pb's one? Thought it was pb's one :S (fortunately I don't use it for anything important) Any suggestions what would be better there? Anyways, thanks for the warning --Major Zeman 15:28, 20 April 2007 (PDT)
- cl_guid is the pb GUID. If you are just using it for stats restore or something like that, it's not an issue. If you are using it for authentication, you should be aware of this. You could get it from sending PB commands (which get it internally rather than from userinfo AFAIK) to the console and reading it back from the log file, but this is a serious pain. It is also still possible to spoof, although much harder. Even if you are using it for authentication, to steal someone elses ID would require knowing their full PB GUID, which isn't normally visible to other players. Of course, server logs and PB screenshots can leak this information out. -ReyalP 18:32, 20 April 2007 (PDT)
- - Thanks, I see where's the problem now. --Major Zeman 23:49, 22 April 2007 (PDT)
- cl_guid is the pb GUID. If you are just using it for stats restore or something like that, it's not an issue. If you are using it for authentication, you should be aware of this. You could get it from sending PB commands (which get it internally rather than from userinfo AFAIK) to the console and reading it back from the log file, but this is a serious pain. It is also still possible to spoof, although much harder. Even if you are using it for authentication, to steal someone elses ID would require knowing their full PB GUID, which isn't normally visible to other players. Of course, server logs and PB screenshots can leak this information out. -ReyalP 18:32, 20 April 2007 (PDT)
