The risk of allowing random people, who’s only authorisation is having a forum account for 2 days to upload encrypted code which may contain viruses or rats such as cypher which can literally nuke a server is too great. This really needs to be counteracted before severe harm is done.
My suggestion is that the forum moderators manually review encrypted code from “untrusted” developers(I’m assuming the moderators have access to the source? Otherwise mandate it that they upload the source as well for the mods).
Developers who are well known to the community and are trusted should be able to upload without review.
1 Like
I don’t think this is a proper solution, any solution that’s just “throw more staff at it” isn’t going to solve the problem in the long run.
I think a proper solution would be to block escrowed scripts from being able to access os, io and load, which would block any potentially malicious things a script could do, and at worse would allow it to crash your server, but you can just remove the resource in that case.
1 Like
That’s a better solution I think. Am I wrong though would that be problematic for accessing JSON files in the script?
LoadResourceFile still exists and I don’t think that should be blocked.
But I agree with os, io and load being blocked when inside encrypted code. Though I personally never used those in encrypted portions. Can only talk about myself 
1 Like
If you’re accessing them via LoadResourceFile it would be fine, I don’t think it can access outside of the resources/ folder.
PerformHttpRequest should also be blocked (or require explicit permission, for example in the resource manifest)
1 Like