generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Roblox » Suggestions & Ideas
Home Search
 

Re: Allow Higher Scripting Identities in Scripts

Previous Thread :: Next Thread 
dekkonot is not online. dekkonot
Joined: 22 Dec 2010
Total Posts: 6685
01 Jul 2013 12:20 AM
Before you say "I disagree", let me propose this:

Imagine what could be created with, say, a script that runs at the same identity as plugins, 1. We would be able to use locked events and properties, and at the same time do more things.

The just of this idea is to add a new category for scripts on the website, and allow us to upload them. This upload screen would allow us to set a identity level we'd like the script to run at. All submitted scripts would be moderated for malicious content, and all scripts would run at the default identity, 2, if they were not both submitted and through the moderation process.

"But what would be the point?"

What if you wanted to use locked features, such as NetworkReplicator::CloseConnection, in a game? Methods, events, and properties that are currently locked to normal scripts could be accessed, and a broader horizon of games and ideas could be made.

"What about the CoreGui and other like-objects?"

Well, that's the only real concern, and there is a simple solution that I have already addressed: submit the script to moderation BEFORE it runs at a higher identity. That would allow moderators to catch anything that would be potentially abusive, such as a DDoS attack with Roblox's own servers using DataModel::HttpPost. A user might also be required to submit a proper reason why the script requires a higher identity as another buffer in between non-malicious and malicious uploads.

"How would Roblox tell?!?!"

It would tell using a built in property! BaseScript, the base instance for all Roblox scripts, has a property in it called 'LinkedSource', and certain scripts, such as the all the CoreScripts, use that property in place of an actual source. If this property worked for asset URLs that were uploaded via this feature, Roblox would be able to confirm that the script's source was the same as the given asset ID, and run it at the stored normal identity.

"How would this affect me?"

It would allow for higher quality games, along with more features to mess around with.

TL; DR: Allow users to submit a script for moderation along with a reason why the script should have that identity, and if the script passes moderation allow it's asset to run at the wanted identity.
Report Abuse
cooljoejoe is not online. cooljoejoe
Joined: 11 Dec 2009
Total Posts: 2992
01 Jul 2013 12:25 AM
nope.avi
needs more mods
Report Abuse
testedmarkel62 is not online. testedmarkel62
Joined: 25 Nov 2009
Total Posts: 4291
01 Jul 2013 12:34 AM
Support.

Oh, and, reported for spam.
Report Abuse
The1The0nly is not online. The1The0nly
Joined: 16 May 2013
Total Posts: 94
01 Jul 2013 12:34 AM
Yeah it would take some moderation for that, but it is a very good idea overall.

Semi-Support
Report Abuse
dekkonot is not online. dekkonot
Joined: 22 Dec 2010
Total Posts: 6685
01 Jul 2013 12:36 AM
It would also allow us to build better exploit protection from those people like Booing and Nairod, who literally broke the hash checker the day the update was released.
Report Abuse
testedmarkel62 is not online. testedmarkel62
Joined: 25 Nov 2009
Total Posts: 4291
01 Jul 2013 12:42 AM
^
lol

Oh, and, reported for spam.
Report Abuse
Corecii is not online. Corecii
Joined: 06 Aug 2010
Total Posts: 687
01 Jul 2013 01:09 AM
Support
Report Abuse
blocco is not online. blocco
Joined: 14 Aug 2008
Total Posts: 29474
01 Jul 2013 01:12 AM
While this is a good idea, it's not very practical. What is more practical is to partition access to the API based on the permissions that the user sets, like [the way Chrome Extensions do it][1]. Then, if another user decides to use a certain script in their place, they see the permissions it has, and they will see whether they want to use it or not based on its permissions or configuration or what have you.

It's much better than having moderators, because it's more automated and it gives more control to the end-user, which is a generally good property.

[1]: https://developer.chrome.com/extensions/permission_warnings.html
Report Abuse
1waffle1 is not online. 1waffle1
Joined: 16 Oct 2007
Total Posts: 16381
01 Jul 2013 01:14 AM
You should have just suggested that everything that is locked that has absolutely no reason to be locked be unlocked. We don't need higher script contexts, and there isn't anything that isn't malicious that could be done with their functionalities other than use the things that shouldn't even require a higher identity. Nobody is going to listen and anybody who tries to won't understand, so there is nothing that can be done.
Report Abuse
1waffle1 is not online. 1waffle1
Joined: 16 Oct 2007
Total Posts: 16381
01 Jul 2013 01:20 AM
@blocco
"*Unrestricted access to your NetworkReplicator"
"* Access to client-sided httpget"
'press yes for free obc'

Do you honestly expect clueless children to be responsible with setting custom security permissions and identity restrictions?
Report Abuse
cooljoejoe is not online. cooljoejoe
Joined: 11 Dec 2009
Total Posts: 2992
01 Jul 2013 01:27 AM
rekt
Report Abuse
blocco is not online. blocco
Joined: 14 Aug 2008
Total Posts: 29474
01 Jul 2013 01:29 AM
Certain permissions are more high-risk than others, and they should be treated as such. If there is need for a description and a "Are you sure? Here is what this code can do." pop up, then there will be that pop up.

The best direction for something like this is a direction where model-users can be safe, but at the same time the dev-users can do what they want. The permission text *shouldn't* contain references to the API unless it is **absolutely** necessary; remember we're targeting kids, some who don't know what an API is. The permission text should be as simple to understand as possible, while summing up what the code can do.

With HttpGet, the user also would have to set regexp links in the permissions for places not on roblox.com, that's just a no-brainer. And certain [bad sites] would be blacklisted, so the code would get rejected immediately if it had those links in the regexp.
Report Abuse
SN0X is not online. SN0X
Joined: 24 Oct 2011
Total Posts: 7277
01 Jul 2013 03:52 AM
support

AW MAN THIS ISN'T WHERE I PARKED MY CAR
Report Abuse
IOException is not online. IOException
Joined: 22 Jun 2013
Total Posts: 81
01 Jul 2013 04:26 AM
SUPP0RT!!!!1!!!!!111111!!!.
No seriously, support.

System.IO.FileNotFoundException: Could not find file 'siggy.txt'
Report Abuse
IndyBoy2001 is not online. IndyBoy2001
Joined: 01 Feb 2011
Total Posts: 778
01 Jul 2013 04:36 AM
Half-hearted support. Someone at the top said reported for spam. How is this a spam?

☁ Iɴᴅʏ☁
Report Abuse
IndyBoy2001 is not online. IndyBoy2001
Joined: 01 Feb 2011
Total Posts: 778
01 Jul 2013 04:37 AM
TELL MEH
> :C

☁ Iɴᴅʏ☁
Report Abuse
spicyhunter3 is not online. spicyhunter3
Joined: 30 Dec 2009
Total Posts: 312
01 Jul 2013 06:16 AM
Support. But, dont you think it would to take awhile if someone uploaded a script with a huge amount of lines?
Report Abuse
zars15 is not online. zars15
Joined: 10 Nov 2008
Total Posts: 9999
01 Jul 2013 06:29 AM
At first I thought you have lost your mind, but being able to upload high level script would amazing. Of course they would require moderation, but with this you could do a lot of amazing things.



@C&G people. Listen up, with this you could have live shout in any place or live twitter feed, since we could get our hands on HttpGet function.


But yeah, mods would have to moderate scripts, what could take a while.
Report Abuse
As8D is not online. As8D
Joined: 24 Dec 2009
Total Posts: 2907
01 Jul 2013 06:52 AM
Hm.

I've been wondering for a while whatever we could have something in the PLACE CONFIGURATIONS that would allow us to secure our scripts and stuff.

I don't really know how it would work, like... if we had to put in the path and source for a script, then multiple scripts with the same path (ex. 2 Animate scripts in 2 monsters) would... probably only protect 1 of the scripts... or maybe both and then set both their sources to whatever is put in the place configurations or whatever.

Well, I like the idea.

- As, stealer of Dekko's ziggies since 1978.
Report Abuse
SN0X is not online. SN0X
Joined: 24 Oct 2011
Total Posts: 7277
01 Jul 2013 06:54 AM
bug[ya bug]: i dont think the mods know LAu.R0bl100cx and even if they did it would take ages to moderate the scripts and people could trick the moderators out

better idea: just unlock the things that shouldn't be locked

AW MAN THIS ISN'T WHERE I PARKED MY CAR
Report Abuse
EchoReaper is not online. EchoReaper
Joined: 14 Oct 2008
Total Posts: 4323
01 Jul 2013 08:33 AM
^
Report Abuse
blocco is not online. blocco
Joined: 14 Aug 2008
Total Posts: 29474
01 Jul 2013 02:13 PM
Why is everyone pro-moderation? Why can't we have automation via the methods I described in my post? Moderation costs money and time.
Report Abuse
dekkonot is not online. dekkonot
Joined: 22 Dec 2010
Total Posts: 6685
01 Jul 2013 04:28 PM
WHAT DID I TYPE OUT LAST NIGHT, AND WHY DOES IT MAKE SENSE?!?
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Roblox » Suggestions & Ideas
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image