
November 16th release for Web-based Character Builder

renau1g

First Post
Well... they've indicated 2 things...

1. At launch the system will have import capability so you can import any characters you already have built.

2. The export function will export to the .dnd4e file format that already exists.


From that I surmise it will let you re-import... But I don't know for sure.

Ok, so this is a hypothetical question to those IT guys here. So they'll be allowing uploads to this Cloud right? Ummm... so there's a lot of IT-type folks all PO'd at Wizards right now... couldn't one of them use a dnd file as a trojan horse to drop a virus in? Seems like a decent vulnerability to me, but again I'm a finance guy so maybe the virus scanners would catch things.
 


Sunseeker

Guest
Ok, so this is a hypothetical question to those IT guys here. So they'll be allowing uploads to this Cloud right? Ummm... so there's a lot of IT-type folks all PO'd at Wizards right now... couldn't one of them use a dnd file as a trojan horse to drop a virus in? Seems like a decent vulnerability to me, but again I'm a finance guy so maybe the virus scanners would catch things.

Presumably, you would import it into the online CB first, not directly upload it to the server.

But really, what would it serve other than to kick sand in the faces of people who are working with the new system, and to make Wizards lock their stuff down even harder?
 

DEFCON 1

Legend
Supporter
That's short term thinking.

Well, lucky for us... this 20 character maximum sounds like it's only in the short-term anyway. :)

The other thing to remember is that since we aren't losing the offline builder we already have... anyone who has characters there can still use that to build or level up existing characters using all 2 years of Wizards material up through August. So unless you are the type who has to use the most-up-to-date material at all times... you can easily continue to build all your existing characters with all the existing errata and options prior to Dark Sun and Essentials. I know that's not much of a consolation for some people... but for others out there who didn't necessarily intend on using Dark Sun or Essentials products for their existing characters anyway... they are still in okay stead.
 

renau1g

First Post
Presumably, you would import it into the online CB first, not directly upload it to the server.

But really, what would it serve other than to kick sand in the faces of people who are working with the new system, and to make Wizards lock their stuff down even harder?

What does any virus serve? People are jack@$$es.
 

Scribble

First Post
Is 100 extreme? How would a higher limit affect programmers? Wouldn't it just be a larger storage amount required? I'm a layperson so ignore any ignorance.

From what was stated, part of the reason is protecting against attack. The idea was basically someone could write their own program that does nothing but basically make D&D characters all day every day, and upload them to the cloud. Since it's not a human, and doesn't care much about how well the character works or anything it could do this very quickly.

Sooner rather than later it would load the drives full of junk characters and overload the whole thing.

He admitted the number was pretty low, and said they'd be keeping an eye on how things were going for expansion.

Ok, so this is a hypothetical question to those IT guys here. So they'll be allowing uploads to this Cloud right? Ummm... so there's a lot of IT-type folks all PO'd at Wizards right now... couldn't one of them use a dnd file as a trojan horse to drop a virus in? Seems like a decent vulnerability to me, but again I'm a finance guy so maybe the virus scanners would catch things.


Anytime you upload a file from somewhere you risk getting a virus... But this is something I'm sure they have things in place to deal with... Just like any online service.

Also, the client actually is local to your machine. It's just the data that sits in the cloud. (Which is one of the reasons they aren't doing the offline Silverlight thing... it would be a CB with no info in it...)

So I'm not sure if a virus-laden character file would affect them, or affect you, because technically you opened it on your system...
 


renau1g

First Post
Also, the client actually is local to your machine. It's just the data that sits in the cloud. (Which is one of the reasons they aren't doing the offline Silverlight thing... it would be a CB with no info in it...)

Interesting... learn something new every day. I've learned a lot about Silverlight and IOS and a whole whack of other technical stuff lately.
 

UngainlyTitan

Legend
Supporter
Ok, so this is a hypothetical question to those IT guys here. So they'll be allowing uploads to this Cloud right? Ummm... so there's a lot of IT-type folks all PO'd at Wizards right now... couldn't one of them use a dnd file as a trojan horse to drop a virus in? Seems like a decent vulnerability to me, but again I'm a finance guy so maybe the virus scanners would catch things.
Generally uploaded data is passed to the database. It is inserted into the database in the final step using a database language called SQL (Structured Query Language) and this is usually the place the system is most vulnerable. If you can persuade the database update component to run a piece of SQL that you have passed to it, you can do a lot of damage. This is called a SQL Injection attack. Now it is possible that SQL injection attacks are possible in the CB, it is a common enough vulnerability. All data to any database should be checked to ensure that none of it can execute as SQL commands and that any possible commands are sanitised so that they are treated as plain text and not as special commands.

A virus is normally a binary executable that hides in another file. In the case of the CB such data would be invalid or, if valid (a picture, for instance), have no effect on the server since once in the database it would sit there inert without access to the underlying OS.

Viruses usually need access to the OS and usually need privileged accounts, which is why a lot of modern malware exploits the user in order to get permission to run.
 

malraux

First Post
Generally uploaded data is passed to the database. It is inserted into the database in the final step using a database language called SQL (Structured Query Language) and this is usually the place the system is most vulnerable. If you can persuade the database update component to run a piece of SQL that you have passed to it, you can do a lot of damage. This is called a SQL Injection attack. Now it is possible that SQL injection attacks are possible in the CB, it is a common enough vulnerability. All data to any database should be checked to ensure that none of it can execute as SQL commands and that any possible commands are sanitised so that they are treated as plain text and not as special commands.

A virus is normally a binary executable that hides in another file. In the case of the CB such data would be invalid or, if valid (a picture, for instance), have no effect on the server since once in the database it would sit there inert without access to the underlying OS.

Viruses usually need access to the OS and usually need privileged accounts, which is why a lot of modern malware exploits the user in order to get permission to run.

But I name all my gnomes Finbiddle'); DROP TABLE Classes; the Third Fourth, etc. It's a long line of troublesome tinkerer gnomes.
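
The SQL injection point discussed in the posts above, as an added example that is not part of any post in the thread and not Wizards' code: the gnome name from the thread is imported once through string-built SQL and once through a bound parameter. The schema, function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

# Character name taken from the thread; everything else here is constructed.
GNOME = "Finbiddle'); DROP TABLE Classes; the Third"

def new_db():
    """In-memory stand-in for the character store (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE Classes (name TEXT);"
        "CREATE TABLE Characters (name TEXT);"
        "INSERT INTO Classes VALUES ('Wizard');"
    )
    return conn

def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row is not None

def import_unsafe(conn, name):
    """Builds SQL by concatenation: the name becomes part of the command."""
    sql = "INSERT INTO Characters (name) VALUES ('" + name + "');"
    try:
        # executescript() stands in for a driver that accepts stacked statements.
        conn.executescript(sql)
    except sqlite3.OperationalError as exc:
        return str(exc)  # the trailing fragment fails, after Classes is gone
    return None

def import_safe(conn, name):
    """Bound parameter: the driver passes the name as data, never as SQL text."""
    conn.execute("INSERT INTO Characters (name) VALUES (?)", (name,))
    conn.commit()

def demo():
    unsafe, safe = new_db(), new_db()
    error = import_unsafe(unsafe, GNOME)
    import_safe(safe, GNOME)
    stored = safe.execute("SELECT name FROM Characters").fetchone()[0]
    return {
        "unsafe_classes_survive": table_exists(unsafe, "Classes"),
        "unsafe_error": error,
        "safe_classes_survive": table_exists(safe, "Classes"),
        "safe_stored_name": stored,
    }

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the full name is stored as an ordinary string and the Classes table is untouched; with concatenation the import reports a syntax error, but only after the table has already been dropped.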
 

