Prevent multiple teams from using different hashes/IDs but the same name #82
Comments
|
This probably doesn't need to be a bulletproof solution; one with a race condition would be okay since the exploit behavior is the current behavior, which is easily fixed by hand-editing team names. Something like, if this is a team that hasn't registered yet, open every registered team file, compare the contents against the current team, fail with "team name already taken" if there's a match. Else fall through to current behavior. |
|
I would also accept a solution that runs client-side. While a client-side solution could be pretty easily bypassed by a determined attacker, this is not a serious attack, and in general I'm a fan of allowing participants to cause creative mayhem, especially when the administrative fix is both trivial and documented. |
|
I now think this should be client-side. The client already has the state object, and can do a quick check to see if a team name is already in use. |
|
That depends. Is this a client-server contract issue, as far as the server guaranteeing that teams have different names, or just an annoyance that a given client may or may not choose to care about? |
|
Just an annoyance. It's happened maybe six times in the last 12 years. Won't fix. |
|
I should note, though, the client pulls state before login now so the client side fix should be simple. So I guess I'll leave this open. |
More than one team can use the same team name but different hashes. They shouldn't
The text was updated successfully, but these errors were encountered: