Suggestion: offer this board in HTTPS
Posted: Mon Dec 21, 2015 10:43 pm
This board contains links to files that would be downloaded onto the user's machine. Besides the occasional vulns that are discovered in zip files, I wouldn't be surprised if a security researcher could find a way to escape the Lua sandbox.
Given that mod binaries are normally hosted on github, and github serves its files via https, this forum is the only real weak link in the chain. While making the forums secure would not cover the entire attack surface, it does at least prevent some stuff. For example, an MITM that replaces all zip links with compromised zips.
Given that mod binaries are normally hosted on github, and github serves its files via https, this forum is the only real weak link in the chain. While making the forums secure would not cover the entire attack surface, it does at least prevent some stuff. For example, an MITM that replaces all zip links with compromised zips.