Jump to content
  • Setting realm name in config.wtf bypasses "allowedSecurityLevel"

    • Status: Confirmed
      Main Category: Core / Mangos Daemon
      Sub-Category: Code Enhancement
      Version: 21.14 Milestone: 22 Priority: High
      Implemented Version: Unset

    Setting realm name in config.wtf bypasses "allowedSecurityLevel"

    Setting a realm in the database to 3 under "allowedSecurityLevel" currently does the following:

    • Makes the realm appear offline to those below the security level... That is all!

    This can be bypassed with a simple edit to the config.wtf and adding the realm name (which you can get as it appears as offline in the list.

    Two things are needed to fix this.

    • The realmlist being sent should be checked, i.e "allowedSecurityLevel" should be considered by realm-daemon before sending the realm list to the client.
    • If they don't meet requirements no need to send the realm name/ip or data to the client.
    • Mangos-daemon should double check incoming clients GM level.

    I suggest that any non-GM user attempting to connect / login to a security protected realm be treated the following:

    • Not have permission to create characters - Be told character creating is disabled.
    • If characters exist they should be sent the "world server down" message (preventing them logging in).
    • Kicked or gracefully disconnected after 30 seconds by mangos-daemon.

    Please discuss :)

    User Feedback

    Recommended Comments

    [quote=Talendrys]Why not put it as invalid for the client or even hide it ? Offline seems using a flag for a non-foreseen usage.[/quote]

    Well hide it would fit in with what I said, to hide it we need to check the connecting client has the right security level to see the realm.

    Link to comment
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use