I know this has been discussed before, but is there really no way to add some sort of protection or way to prevent any user from overwriting anybody else's script in the database, either deliberately or by accident?

This really is a huge flaw in the Script Database/publishing system, as while malicious intent could mess up or even do nasty things by replacing a script with one that downloads malware or uploads the user's information to someone (think Mandy's blackmail in the wrong hands), it can be equally done as an honest mistake by a user accidentally overwriting someone's script, or even someone trying to "fix" someone else's script without their permission.

I know you (Doti) can revert a script that has been overwritten manually at your end, but that still puts the onus on A) an author or user spotting the overwrite and B) you fixing something that should not need to be fixed. Not to mention, it could be a while before an overwrite is spotted, meaning a wrong or malicious script could be downloaded by many users before it is reverted or reuploaded.

I always check the author name (and their script thread, if one exists) before downloading any unknown scripts; tags can lie or be incorrect, but if the author is someone I trust, I can happily download. However, as things stand, someone could overwrite a trusted author's script without anyone knowing until it is too late.

Couple these security and authorship issue with the site's bandwidth limits (i.e. someone breaks a 20mb script, 100 people download it before it is noticed and reuploaded correctly, and 100 must redownload it again) and I don't think it is an insignificant issue and is worth looking into fixing, even if not urgently. I know you're busy at the moment, but this has happened a few times to me and other users, so please don't think I'm asking about this for the sake of it.

I don't know if it would be possible, but some kind of short "passcode" you set when publishing a script that must be re-entered when republishing it in order to overwrite (unless its on a server level; i.e. so *you* wouldn't need it to revert, delete, etc.) would be an ideal fix, but any solution to the current situation would be better than none.

When there is overwriting, the script is no more "validated". Consider scripts as any program you download on the internet.

Possibly, it will be possible to see the history and choose a version before downloading or something like that. The password idea has to be considered.

Yes, but one might compare it to the difference between downloading a strange program from a company you've never heard of, or downloading something from someone like Microsoft or Apple only to find someone replaced the program on their servers with a malicious or broken one.


Although I can see the appeal in previous versions in some cases, most of us scripters tend to increment, so previous versions aren't really needed (I do sometimes leave a link to a previous version when posting a new one that isn't well tested, however).

A password that allows *only* the original uploader and author (and yourself, on the server side) to overwrite a script would be very, very welcome. Like I said, doesn't have to be a passcode method but it was what first came to mind. It might hopefully also help facilitate the long-desired "delete your own script" function for authors too, as it would no longer be a risk for some random person to do so!

The history idea sounds a good one to help highlight malicious changes in scripts before they are validated.

On my website, the wiki allows for me to view a diff from the latest version.. something like that should easily highlight anything suspicious entered deliberately or by accident. A diff would also use less bandwidth than people downloading various versions and comparing them locally

_________________
Liz

You can't take something off the Internet - it's like taking pee out of a pool.
https://play-clan.site profile: Liz