Jump to content

Search the Community

Showing results for tags 'oxide'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • News and Announcements
    • News
  • General
    • Suggestions & Feedback
    • General Chat
    • GFX
    • VFX
  • MMO Hub
    • Gamer's Lounge
    • Member's Lounge
    • Developer Lounge
    • Premium Lounge
  • MMO Corner
    • World of Warcraft
    • Lineage 2
    • Minecraft
    • Host Listing
    • Server Listing
    • Server Recruitment
    • Server Reviews
    • The Underground
  • User Hub
    • Support
    • Report
    • Contact Staff
  • Merchant Corner
    • Marketplace
  • General Development Releases
  • Tutorials
  • Wasteland

Categories

  • Creative Corner
    • GFX Releases
    • VFX Releases
    • Resources
  • MMO and MMORPG
    • World of Warcraft
    • Lineage 2
    • Minecraft
  • Webmasters
    • Content Management Systems
    • Addons
    • Scripts
    • Designs
    • Proxies
    • HTML
  • Applications
  • Gaming
    • World of Warcraft
    • Lineage 2
    • Minecraft
    • Emulation
    • Nulled Distributions
  • Marketplace
    • Marsh Designs
    • iDarts

Product Groups

  • Membership
  • Advertise
  • Promote

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Interests


How Did You Find Us?


Contributor


Discord

Found 4 results

  1. While Lua support is no longer supported by Oxide for public plugins submitted on our site, you can still install the Lua extension for Oxide to enable .lua plugins written in Lua if your host allows it. Download the Oxide.Core.Lua.dll extension from Bintray.com Download the dependencies for the extension from our GitHub repo Completely shutdown the server so that it is no longer running in order to replace any existing files Move/upload the files you downloaded to the location where the rest of Oxide's files are installed at Startup the server and you're good to go! To install .lua plugins, simply place them under oxide/plugins Lua is no longer bundled in each Oxide build due to there not being enough interest and dedicated support for the language since C# replaced it as the primary language for public Oxide plugins. There are not many public plugins written in Lua remaining, but the extension will be maintained as necessary for basic plugin functionality. Credits: Wulf
  2. While JavaScript and CoffeeScript support is no longer supported by Oxide for public plugins submitted on our site, you can still install the JavaScript extension for Oxide to enable .js and .coffee plugins written in JavaScript and CoffeeScript respectively if your host allows it. Download the Oxide.Core.JavaScript.dll extension from Bintray.com Download the dependencies for the extension from our GitHub repo Completely shutdown the server so that it is no longer running in order to replace any existing files Move/upload the files you downloaded to the location where the rest of Oxide's files are installed at Startup the server and you're good to go! To install .js or .coffee plugins, simply place them under oxide/plugins JavaScript and CoffeeScript are no longer bundled in each Oxide build due to there not being enough interest and dedicated support for the language. There are very few public plugins written in JavaScript or CoffeeScript, but the extension will be maintained as necessary for basic plugin functionality. Credits: Wulf
  3. While Python support is no longer supported by Oxide for public plugins submitted on our site, you can still install the Python extension for Oxide to enable .py plugins written in Python if your host allows it. Download the Oxide.Core.Python.dll extension from Bintray.com Download the dependencies for the extension from our GitHub repo Completely shutdown the server so that it is no longer running in order to replace any existing files Move/upload the files you downloaded to the location where the rest of Oxide's files are installed at Startup the server and you're good to go! To install .py plugins, simply place them under oxide/plugins Python is no longer bundled in each Oxide build due to there not being enough interest and dedicated support for the language. There are very few public plugins written in Python, but the extension will be maintained as necessary for basic plugin functionality. Credits: Wulf
  4. ith this guide I would first like to raise awareness in regards to SQL injections and then explain approaches to preventing SQL injections within Oxide. SQL injections An SQL injection is a type of attack used to attack databases. This attack is executed by making use of malicious user input and often allows clients to manipulate a database at will. Let's assume our table looks like this: +---+------+--------+ |id | name | name2 | +---+------+--------+ id is some sort of integer, name and name2 are strings. A possible query for this table might look like this: mysql.NewSql().Append("SELECT * FROM table WHERE name = \"" + arg[0] + "\" AND name2 = \"" + arg[1] + "\";") Assuming arg[0] and arg[1] are input strings provided by the user, this query is vulnerable to SQL injections. The first possible attack ends the query via a quote to inject custom SQL code after the input: arg[0] = "\"; DROP TABLE table;--" arg[1] = "" When combined with the SQL query, this results in the following query: SELECT * FROM table WHERE name = ""; DROP TABLE table;-- AND name2 = ""; First a select is executed, then the table is dropped and the rest is commented out. The second possible attack ends the query via a quote to ignore the second condition name2 = "": arg[0] = "foo\";--" arg[1] = "" This results in the following query when combined: SELECT * FROM table WHERE name = "foo";-- AND name2 = ""; The select is executed without considering the second condition because the second condition is commented out. The first attack is generally dangerous because you don't want your users to be able to delete your data, the second attack is dangerous in regards to bypassing authentication and leaking data. Let's assume name and name2 are username and password, then the attacker would be able to authenticate as any user without the password being considered. This might also result in the database leaking data when the result of the select can be accessed by the attacker, giving him access to data he shouldn't have access to. There are more possible attack vectors than this. You should always protect yourself against SQL injections when user input is involved. Preventing SQL injections in Oxide There are effectively two different types of mechanisms in Oxide that help with preventing SQL injections. The following applies to both the sqlite and the mysql extension, the only difference being that mysql is replaced with sqlite. The first one prevents multiple queries being executed in a single .Append() call, meaning the following code is invalid when added to the SQL query in a single call: SELECT * FROM table; DROP TABLE table; This automatically prevents the first kind of attack I mentioned, as the attacker cannot drop the table after ending the query with a quote. The second one prevents all kinds of attacks using parameterized queries. Parameterized queries are queries where user input is replaced with a placeholder. The SQL driver then parses the parameterized query, removes malicious code from user input and inserts the clean user input into the placeholders. In Oxide, our query from above can be written as a parameterized query as follows: mysql.NewSql().Append("SELECT * FROM table WHERE name = @0 AND name2 = @1;", arg[0], arg[1]) @0 and @1 are the placeholders for the arguments provided in the varargs list after the query in our .Append() call. @0 refers to the first argument supplied, in this case arg[0], while @1 refers to the second argument supplied, in this case arg[1]. Placeholders may not be enclosed by quotation marks. This parameterized query protects the database from the full spectrum of SQL injections. The actual C# syntax is very similar, just that you may use new Sql(query, args) instead of mysql.NewSql().Append(query, args) To sum it up, use parameterized queries whenever possible, even when input isn't derived from user input, as you might change that in the future and then forget that this kind of input isn't protected against SQL injections. Credits: sqroot

About us

MMO-Society is the Forum former known as Lordcraft, MMO-Society offers various of Resources to help you evolve your knowledge within Emulation, In the process we make sure to form a strong community bond in-between each other and thus we are proud to can admit that MMO-Society is possibly the friendliest Community Forum to currently exist.

Useful Quick-Links

×
×
  • Create New...