Remove getClient().getPassword()

[JustSoPro 0]

getClient().getPassword() can be used in scripts to return passwords of accounts that are logged in AND not even in the account manager, I feel like this isn't safe in practice unless EVERY script is scanned before being uploaded to the SDN and ALL scripts that are not on the SDN have to be open source. Someone could easily send your login and password to their e-mail or website.

[Xephy 237]

1 minute ago, JustSoPro said:

getClient().getPassword() can be used in scripts to return passwords of accounts that are logged in AND not even in the account manager, I feel like this isn't safe in practice unless EVERY script is scanned before being uploaded to the SDN and ALL scripts that are not on the SDN have to be open source. Someone could easily send your login and password to their e-mail or website.

All SDN scripts are checked for malicious intent and quality assurance.

Also let this be a note not to run any snoopy scripts that people hand you. If anybody is found handing out such stuff, they will be dealt with.

[Articron 738]

Store scripts are checked by both man and technology for malicious intent of the scripter. This includes any changes they make to an already uploaded script to the store.

[Nuclear Nezz 2055]

People use this for private purposes (that aren't malicious) so no, we wouldn't remove it.

We look at the code of every SDN script before it's compiled or accepted.

Local scripts can do much more malicious things than call getPassword, and even if we did remove it, local scripts can still use reflection to get the password from the game (the same way we do)

Like Xephy said, let it just be a stark reminder to look at the code yourself for any local scripts you use, including private scripts you purchase from other scripters. These are not regulated by us.

[Eclipseop 194]

[copy/paste of what the person above me said huehuehue]

[dQw4w9WgXcQ 184]

drowssaPteg