[MadTommy]

Quote:

Originally Posted by ZaltysZ

SP missions are not sandboxed currently. This means, that mission script can get same rights as an user you use to run a game. So, watch what you download.

MP mission scripts are executed on server, so you should not be exposed to malicious code just by connecting to server. However, there are classes, whose are responsible for briefing and UI elements scripted on server, but displayed on client. Those could be used for malicious stuff, but so far it seems they aren't accessible from scripts (or I simply don't know the way).

Thanks ZaltysZ

Quote:

Originally Posted by fearlessfrog

Hi,

I'll post this here on the main forum, as it's not got much traction in the FMB sub-forum:

http://forum.1cpublishing.eu/showthread.php?t=22978

In summary, please only connect to CoD servers you trust and download mission files from people you have some knowledge about. The scripting of mission in CoD is powerful, but allows bad people to do bad things, i.e. a mission file has permissions to access your other non-CoD files etc.

In the world of sims the chance of anything bad happening is (I think) very, very small, but people need to at least have the info to make their own judgement.

I'm very much enjoying CoD, and hope to see it getting better and better over time, but this type of issue is a real security vulnerability and should be addressed, hopefully quickly.

Thanks.

fearlessfrog can you please edit your posts, as spreading false info is NOT helpful!

You state that connecting to servers is dangerous, which it is not. Downloading single player missions with scripts is another matter.