The reply you posted earlier of you reverting the changes because of an issue, I saw that you updated cross-server ranking and it didn’t go as planned.
I was just asking if I can implement this in my admin system, BaseAdmin, to see if I could get it working.
But you said that it is working fine now, which is great to hear!
And I just remembered I still didn’t add that in BaseAdmin, so I might do that in a future update.
I have recently detected a security flaw in the module. I do not know how big of a problem this might be.
Basically, an exploiter could make a module in Studio, which can ban people using the RomodMain module, as the module doesn’t have any admin verification. The module creator would publish the module and make it free to use. The module would be easy to access. With an injector, an exploiter could require the module, and start abusing the system.
Please correct me if I’m wrong.
If this is a big problem, I will have to make a fix, but it might take some time.
Again, injectors can execute code on the client. require can only download assets on the server, so the only possible way of doing this is having some very insecure RemoteFunctions hooked up to a script that can require the module and return it. Though I highly doubt that.
If you were to do this, yeah, good job. You’ll need to account for the future of Romod where users can rank other users using DataStores.
Trust me, plan this carefully. I made a post here about BaseAdmin which talks about a security flaw that would later be fixed in the next version. It wasn’t classified as “severe”, and I ignored it for a little over a year now. I realized that some generic RemoteEvents placed by free models can cause the exploit to happen, so I decided to patch it.
History
It happened a year and a half ago, when I decided to make a module for organizing commands for the previous version, AdminSuite. The problem was I needed to pass so many parameters over that it was very messy, and the rank command was one of them. I decided not to add another command just for ranking, and just place a value in the player that, when changed, will set the rank in the DataStore. There was already another value named AdminRank, which can set an admin’s rank in real-time.
I realized that many RemoteEvents were lazy and just blindly set any replicated value without doing any checks for the player. I realized that this was a problem since I used values.
Again, try to make this happen all internally in the module. For about a year from my development towards AdminSuite early on, I just had a table with all the admin names, and I would give them admin when they joined. If you weren’t admin, you couldn’t become admin. I kept on changing this and then I eventually decided that NonAdmins should be allowed to run commands, so I removed the admins table (which is still supported) and gave commands a rank where NonAdmins had a limited number of commands allowed which were harmless.
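The flaw described in the post above (rank kept in a Value under the player, changed through a RemoteEvent that never checks the caller) next to a server-side alternative, as an added Luau example that is not code from this thread, BaseAdmin or Romod. The remote name, DataStore name and rank numbers are assumptions.

```lua
-- Server Script in ServerScriptService. All names below are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local DataStoreService = game:GetService("DataStoreService")

local rankStore = DataStoreService:GetDataStore("AdminRanks") -- assumed store name
local setRank = Instance.new("RemoteEvent")
setRank.Name = "SetRankRequest" -- assumed remote name
setRank.Parent = ReplicatedStorage

local MIN_RANK_TO_SET = 3 -- assumed: only the top rank may change ranks
local MAX_RANK = 3
local ranks = {} -- [UserId] = rank, held in server memory only

Players.PlayerAdded:Connect(function(player)
	local ok, saved = pcall(function()
		return rankStore:GetAsync(tostring(player.UserId))
	end)
	ranks[player.UserId] = (ok and type(saved) == "number") and saved or 0
end)
Players.PlayerRemoving:Connect(function(player)
	ranks[player.UserId] = nil
end)

-- Insecure pattern from the post, kept as a comment for comparison:
--   remote.OnServerEvent:Connect(function(player, valueObject, newValue)
--       valueObject.Value = newValue -- no check on who is asking
--   end)

local function isWholeNumber(n, low, high)
	-- NaN fails every comparison; infinity fails the upper bound
	return type(n) == "number" and n % 1 == 0 and n >= low and n <= high
end

setRank.OnServerEvent:Connect(function(sender, targetUserId, newRank)
	-- sender is filled in by the engine; the client cannot forge it
	if (ranks[sender.UserId] or 0) < MIN_RANK_TO_SET then
		return
	end
	-- the remaining arguments are client-controlled and must be validated
	if not isWholeNumber(targetUserId, 1, 2 ^ 53) then return end
	if not isWholeNumber(newRank, 0, MAX_RANK) then return end
	if Players:GetPlayerByUserId(targetUserId) then
		ranks[targetUserId] = newRank
	end
	local ok, err = pcall(function()
		rankStore:SetAsync(tostring(targetUserId), newRank)
	end)
	if not ok then warn("Rank save failed: " .. tostring(err)) end
end)
```

Because the rank table is never parented to the player or any replicated instance, a careless RemoteEvent from a free model has no Value object to overwrite.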
I currently haven’t implemented Trello support. You will have to modify the code in order to use Trello. The problem is, the code is not commented yet, and is a big mess.
What will you use Trello for?
I might be able to implement it if I know what it will be used for.
I would use the Trello board to add/remove game bans. I have created a Discord bot which can add/remove cards to the board, I just need a moderation system which can transfer that to Roblox. Thanks for your fast reply!
I think the problem would be fixed with just an else instead of an elseif. Am I wrong?
I haven’t added moderator whitelisting yet. But it is planned. The owner will be able to ban mods tho. Maybe some specific admins too. It will be customisable.
Ok. That will maybe be added. If you need it right now, you might need to modify the code. But it’s messy. So if you need to modify it, sorry for the mess.
Before I can add it into the system, I will need to know a bit more about the bot, and how it works. I will also need to study how Trello APIs work.
Yes, it would be. I would like to mention after looking at some of the code I found some issues with it. There weren’t too many issues but the issues that were there were pretty major.
The 1st issue I saw while testing it out was that it didn’t automatically update, because the scripts were just there and it wasn’t a MainModule. I did fix that, and it runs smoothly: RomodModule.rbxm (24.1 KB)
The next issue I found is where MessagingService was constantly subscribing, causing a memory leak.