ID: 0008648
Project: New issues
Category: Scripting
View Status: public
Date Submitted: 2014-11-22 16:21
Last Update: 2017-05-18 19:24
Reporter: Gallardo9944
Assigned To: Jusonex
Priority: normal
Severity: feature
Reproducibility: always
Status: resolved
Resolution: fixed
Summary: 0008648: [Request] Allow clientside fetchRemote to access other servers
Description: I guess this doesn't need to be explained. MTA becomes REALLY limited when you can't access the outside world directly from the client.

Some services require the same IP to be used everywhere. Example: you want to make a music player. Fine, we can request the list of links via php or via the server's fetchRemote, but if the links are sent clientside, the links can't be played due to API limitations (different IP = different link). Here worldwide clientside fetchRemote comes in really handy. I don't really understand the point of this "limit" and this limit should be removed.
Tags: No tags attached.
Attached Files

- Relationships
has duplicate 0007713 (closed): fetchRemote traffic limitation instead of IP limitation
related to 0009474 (closed): Make a custom downloading system without resource system

-  Notes
(0022554)
AlexTMjugador (viewer)
2014-11-23 12:42
edited on: 2014-11-23 12:42

I also don't really understand why clientside fetchRemote is so limited. You can already use events to send clients any data (even malicious data) returned by serverside fetchRemote. Perhaps it's blocked in the client due to unexpected DNS resolving being possible, but I think that scripts should be able to deal with that by checking the received data's hash (you can't do anything that can damage a client's computer with current MTA functions).

(0022555)
Cazomino05 (administrator)
2014-11-23 12:45

1) the possibility of using MTA clients as a DDoS weapon
2) the possibility of downloading large things to MTA clients and is mitigated by the fact you have to use your own bandwidth, not someone else's
(0022559)
Gallardo9944 (viewer)
2014-11-23 15:26
edited on: 2014-11-23 16:19

1. What's the problem of restricting those requests rather than simply blocking all of them?
2. We can download stuff to clients with events, fetchRemote is not really the only method to do that.

(0023092)
vx89 (viewer)
2015-03-15 21:50
edited on: 2015-03-17 22:32

1) DDoS can also be achieved via the playSound function, which does not restrict IP.

I would love client-side fetchRemote to support other servers (and also https) to support Spotify's local server (http://cgbystrom.com/articles/deconstructing-spotifys-builtin-http-server/)
cef3 integration might also allow it, but this would be a more direct approach. Which requires a custom 'origin' header, though (normal browsers ignore such headers and also provide their own for security reasons).

(0023123)
Gallardo9944 (viewer)
2015-03-25 19:44

As far as CEF is getting implemented, isn't it worth making fetchRemote cross-domain too? Browsers have the same functionality anyway, just without interface.
(0023124)
Woovie (manager)
2015-03-25 19:49

No.
(0023125)
qaisjp (administrator)
2015-03-25 20:02

Hmmm vc89, nice find.
(0025912)
thisdp (viewer)
2017-05-07 02:33

Why I think it is available to access other servers is that,
if fetchRemote uses the TCP protocol:
1. Nobody wants to use it to launch a TCP DDoS attack because it is easy to fight against a TCP DDoS attack.
2. We can use the web browser's whitelist and blacklist to solve the security problem.

So making fetchRemote access other servers is reasonable.
(0025913)
ccw (administrator)
2017-05-07 02:56

fetchRemote has recently been updated to work with CEF whitelists
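
Added example, not part of the original thread and not MTA's own code: a client-side script that only calls fetchRemote once the player has whitelisted the domain (the behaviour this note describes) and then checks the response against a pinned SHA-256, the integrity check suggested in note 0022554. The host, URL, digest placeholder and helper names are assumptions, as is the use of the older fetchRemote callback form that receives `(responseData, errno)`.

```lua
-- Added illustration for a client-side MTA script; all values below are placeholders.
local HOST = "cdn.example.com"                          -- assumed third-party host
local URL = "http://" .. HOST .. "/playlist.json"       -- assumed resource to fetch
local EXPECTED_SHA256 = "<sha256-hex-of-expected-body>" -- placeholder digest pinned by the script author

-- Called by fetchRemote with the response body and an error number (0 = success).
local function onFetched(body, errno)
    if errno ~= 0 then
        outputDebugString("fetchRemote failed, errno " .. tostring(errno))
        return
    end
    -- Integrity check: discard anything that does not match the pinned digest.
    -- Both sides are lowercased so the comparison does not depend on hex case.
    if string.lower(hash("sha256", body)) ~= string.lower(EXPECTED_SHA256) then
        outputDebugString("digest mismatch for " .. URL .. ", response discarded")
        return
    end
    outputDebugString("verified " .. #body .. " bytes from " .. HOST)
    -- ... hand the verified body to the rest of the script here ...
end

-- Only fetch when the domain is on the player's whitelist.
local function fetchIfAllowed()
    if isBrowserDomainBlocked(HOST) then
        outputDebugString(HOST .. " is not whitelisted, not fetching")
        return
    end
    fetchRemote(URL, onFetched)
end

if isBrowserDomainBlocked(HOST) then
    -- Ask the player to approve the domain; the callback reports the decision.
    requestBrowserDomains({ HOST }, false, function(wasAccepted)
        if wasAccepted then
            fetchIfAllowed()
        end
    end)
else
    fetchIfAllowed()
end
```
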
(0025915)
thisdp (viewer)
2017-05-07 03:08

thx
(0025916)
thisdp (viewer)
2017-05-07 03:17

and this is duplicated https://bugs.multitheftauto.com/view.php?id=9474

- Issue History
Date Modified Username Field Change
2014-11-22 16:21 Gallardo9944 New Issue
2014-11-22 17:30 arranTuna Severity tweak => feature
2014-11-22 17:30 arranTuna Summary Allow clientside fetchRemote to access other servers => [Request] Allow clientside fetchRemote to access other servers
2014-11-23 12:42 AlexTMjugador Note Added: 0022554
2014-11-23 12:42 AlexTMjugador Note Edited: 0022554
2014-11-23 12:45 Cazomino05 Note Added: 0022555
2014-11-23 15:26 Gallardo9944 Note Added: 0022559
2014-11-23 16:19 Gallardo9944 Note Edited: 0022559
2015-02-06 11:56 arranTuna Relationship added has duplicate 0007713
2015-03-15 21:50 vx89 Note Added: 0023092
2015-03-17 22:32 vx89 Note Edited: 0023092
2015-03-25 19:44 Gallardo9944 Note Added: 0023123
2015-03-25 19:49 Woovie Note Added: 0023124
2015-03-25 20:02 qaisjp Note Added: 0023125
2017-05-07 02:33 thisdp Note Added: 0025912
2017-05-07 02:56 ccw Note Added: 0025913
2017-05-07 02:56 ccw Status new => resolved
2017-05-07 02:56 ccw Resolution open => fixed
2017-05-07 02:56 ccw Assigned To => Jusonex
2017-05-07 03:08 thisdp Note Added: 0025915
2017-05-07 03:17 thisdp Note Added: 0025916
2017-05-18 19:24 qaisjp Relationship added related to 0009474

