mirror of
https://github.com/smogon/pokemon-showdown.git
synced 2026-05-21 06:37:09 -05:00
The `localsysop` setting is dangerous and allows an attack where an attacker constructs a malicious webpage that makes a connection to `localhost` on the appropriate port and then takes over the server. Since the dev console can be used from `localhost` by default, this would include the ability to run arbitrary code on the server computer. Any server operator who browses the internet on the same computer where she or he hosts the server (such as some small-time server operators) would be vulnerable to having their computer taken over merely by visiting any webpage on the internet under the control of the attacker.
config-example.js
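
The failure mode the commit message describes, as an added example that is not from the Pokemon Showdown code base: a connection opened by a page in the operator's browser arrives from loopback just like the operator's own client, so the source address alone cannot gate privileges. The function names, the `localSysopEnabled` and `allowedOrigins` options, port 8000 and the sample handshakes are assumptions constructed for illustration.

```javascript
'use strict';
// Added illustration; all names here are hypothetical, not Pokemon Showdown's API.
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Weak: source address is the only credential. A page open in the operator's
// browser connects from the same machine, so it passes this check too.
function grantsSysopByIpOnly(conn) {
  return LOOPBACK.has(conn.remoteAddress);
}

// Hardened: the feature is off unless explicitly enabled, and a handshake
// carrying an Origin header (browsers set it; page script cannot change it)
// must name an allowlisted origin. Missing Origin means a non-browser client.
function grantsSysopHardened(conn, opts) {
  if (!opts.localSysopEnabled) return false;
  if (!LOOPBACK.has(conn.remoteAddress)) return false;
  const origin = conn.headers.origin;
  if (origin !== undefined && !opts.allowedOrigins.includes(origin)) return false;
  return true;
}

// Constructed sample handshakes (not captured traffic).
const SAMPLES = {
  operatorClient: {remoteAddress: '127.0.0.1', headers: {origin: 'http://localhost:8000'}},
  crossSitePage: {remoteAddress: '127.0.0.1', headers: {origin: 'https://untrusted.example'}},
  localCliTool: {remoteAddress: '::1', headers: {}},
  remoteUser: {remoteAddress: '203.0.113.7', headers: {origin: 'http://localhost:8000'}},
};

// Evaluate every sample under both policies so the difference is visible.
function compare(opts) {
  const out = {};
  for (const [name, conn] of Object.entries(SAMPLES)) {
    out[name] = {
      ipOnly: grantsSysopByIpOnly(conn),
      hardened: grantsSysopHardened(conn, opts),
    };
  }
  return out;
}

console.table(compare({localSysopEnabled: true, allowedOrigins: ['http://localhost:8000']}));
```

The Origin check narrows which connections can reach the privileged path; it does not replace authenticating the operator.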