Ishamael wrote:I think this is too huge of a security risk to release as a "mod" honestly. Literally the FIRST rule of online safety is to not accept files frome people you don't know.
This is exactly what the "mod" means: Modification. Not an bunch of SQL scripts, but modification to the game server and/or game client. You always download a modification before playing.
Ishamael wrote:Do people even realize what they are opening themselves up to with this "mod"?
Once content downloaded from the server, it cannot be used until server is restarted. Paths are given, and you can review downloaded content before restarting the LiF client.
As you can read from serurity consideration entry from the first post - source code of the decoder is available, and may modify it to verify/filter/whatever content recieved from the server. You may remove decoder and disable auto-download part of the mod, but you will need to obtain same files in other way, for example as all servers did before: provide a .zip, which players have to redownload after admin have changed a single setting, which affects clients.
Ishamael wrote:Honestly, with the level of corruption I've seen in admins with the regular game I'd not trust ANY admins with the freedom to put any files they want on my pc.
If you dont trust server admin, dont play on the server. if you dont trust ANY admin, open your own server, or play on vanilla servers.
If you considering, that risks of using the BasilMod::Pack (client and/or server parts) higher than benefints it gives you, then don't use it.
Ishamael wrote:Literally the FIRST rule of online safety
First rule of online safety is "Don't be online". Once you are online, you are vulnurable.
It's the anti-virus/anti-malware/firewall job to keep your things safe.