Sandbird Posted February 18, 2014 Report Share Posted February 18, 2014 People should be given the option to work with custom SQL tables and queries for their servers. Dayz epoch will move to Arma 3 soon, and development will stop for Arma 2. Shouldn't we (at least in the end) have this freedom to be able to run custom SQLs on our servers ? I am not planning to move to Arma 3 and the SA right now is just lame. I am pretty sure a lot of people here agree with me. Other dayz mods have child:999 calls and they are doing fine...I've never heard of disasters where all hell brakes lose from other people in the opendayz forum. Even If a hacker comes now and messes up with the server, 99% of the time, we rollback.....that means everyone keeps backups of their database.... Please reconsider and allow custom sqls. -Thank you. xBowBii 1 Link to comment Share on other sites More sharing options...
Randomness Posted February 18, 2014 Report Share Posted February 18, 2014 As much as I want to run sql query's , i cant sign this petition . You got a few things wrong, 1. Epoch isn't "moving" to arma3, they are simply also going to support it. They aren't abandoning the arma2 version as you are suggestion, and i really wonder where you gained this wisdom. 2. They already have working custom SQL's on the server, I'm guessing the plan is to improve this and thus create a safer way than the 999 calls. 3. If I'm not mistaken, an abused child:999 call with full access can also remove your backups (but thats speculation). So, eventhough I do want to use custom tables and such, i have hope that the Epoch crew can solve this in their own way and thus i dont think it is needed to have a petition of some sort. Link to comment Share on other sites More sharing options...
Sandbird Posted February 18, 2014 Author Report Share Posted February 18, 2014 Sure, thats your opinion man, but.. : 1) Thats what i read in the forum here....there will be a final release of 1.05 for arma2, and thats it... 2) There is no safer way...you either allow it or not 3) Backups are stored on the hard drive, not in the database...(hackers cant access c:\backup folder), they are safe (I've posted 10 times already how BEC can run mysqldump.exe to create backups to a folder before a server restart) 3a) If you think that its not safe then the least they could do is allow at least 1 custom table...with just an incremental id and 1,2 fields, so we can add stuff to it and SELECT/UPDATE only (if delete is making you guys tremble with fear.)..It doesnt even have to have update...hell, we can do that with PHPMyadmin and SQL events....(but update would be nice :P) 3b) Why have only 1 user/pass/ in Hiveext.ini....Have 2...so we can make another user in the database with only SELECT/UPDATE rights....and use the 2nd user for the 'custom sqls' for the custom tables. That user wont have access to the rest of the tables if we want. There are only a handful of the people that will actually use this...Whoever will, can use the secondary hiveext.dll and then he takes full responsibility about what will happen on his server....I mean this is common sense....if you want to use that dll then you are probably gonna script something right? If you are a simple admin....then use the default one....whats the problem here ? If the default .dll doesnt have 999 calls to it...then whats the problem ? THAT i dont understand. And on a final note.....I am 100% sure that half of the people on the forum cant realize WHAT you can do with a custom .dll. It will take the game to another level. The things you can make are endless. See, i dont understand why people are against this...2 dlls....dont use it if you dont want to.... oO Link to comment Share on other sites More sharing options...
vbawol Posted February 18, 2014 Report Share Posted February 18, 2014 999 and 998 calls are insecure, we will not support these. Instead we need more experimenting and documentation of the 500-505 calls http://dayzepoch.com/wiki/index.php?title=Custom_SQL_Calls Also, you can always run another hiveext.dll along side the main one just change the name of it to something like hiveext1.dll then change your calls to "HiveExt1" callExtension _key Halvhjearne 1 Link to comment Share on other sites More sharing options...
Sandbird Posted February 18, 2014 Author Report Share Posted February 18, 2014 999 and 998 calls are insecure, we will not support these. Instead we need more experimenting and documentation of the 500-505 calls http://dayzepoch.com/wiki/index.php?title=Custom_SQL_Calls Also, you can always run another hiveext.dll along side the main one just change the name of it to something like hiveext1.dll then change your calls to "HiveExt1" callExtension _key So you guys dont even consider on allowing at least 1 custom table for us to do select/update...besides the current ones. Is it too much of a hassle to add an extra table in the database that has nothing to do with epoch.....but that we can query and work with, with the current epoch files. @xBowBii I'll give you a simple example: In a table in the database....lets say news, you got 3 cells. ( id | active | text ) You hook that table to your mission.pbo with the custom SQL function. With a click of a button...you edit the cell in the database and set (for id 1, set active = 1, text = Go now to Elektro...free beer). Game sees that active = 1 and hints the message to players.....instant live news..... Hook that to a php and a timer to set active to 0 ...and you can send Hint messages to your players, from your mobile, through a page, while taking a dump, in the toilet)....well thats just an a example :P xBowBii 1 Link to comment Share on other sites More sharing options...
Randomness Posted February 18, 2014 Report Share Posted February 18, 2014 So you guys dont even consider on allowing at least 1 custom table for us to do select/update...besides the current ones. Is it too much of a hassle to add an extra table in the database that has nothing to do with epoch.....but that we can query and work with, with the current epoch files. dump, in the toilet)....well thats just an a example If I am correct, you could see the 500 ones as a function based on the variables you enter, while the 999 one wants a query. It would make no sense to try to make it more secure, and then leave the unsecure backdoor wide open. As vbawol states, we can write our own DLL's too, unfortunately for me thats out of my league (at least for now). Also from what I understood from Axe Cops attempt to explain things to me, this isnt just a "Hey, lets place this piece of code here and ctrl + s and tadaa", the process of creating the dll's are bit more labour extensive than this. Thus if i may conclude my point of view, we need documentations, and possibly more options with the 500 calls. I'd do it myself if i had the knowledge, but I dont , so i will wait 'till epoch does something with it , or until someone is perhaps willing to make a custom dll for me :) Link to comment Share on other sites More sharing options...
Halvhjearne Posted February 19, 2014 Report Share Posted February 19, 2014 tbh i voted no on this ... as vbawol also statet, this is just too unsecure if you really want it, im sure theres a way you can implement it yourself ... i really dont see a need for this when you can easy hardcode loadouts. whats the point for you to be able to change it on the fly anyway, if everytime a hacker comes by, he goes and changes it however he likes just to annoy you? pretty sure you will get tierd of that pretty fast ... Link to comment Share on other sites More sharing options...
Sandbird Posted February 19, 2014 Author Report Share Posted February 19, 2014 tbh i voted no on this ... as vbawol also statet, this is just too unsecure if you really want it, im sure theres a way you can implement it yourself ... i really dont see a need for this when you can easy hardcode loadouts. whats the point for you to be able to change it on the fly anyway, if everytime a hacker comes by, he goes and changes it however he likes just to annoy you? pretty sure you will get tierd of that pretty fast ... See what i mean....loadouts ? haha...you guys got no idea how to use custom sqls. Sorry for laughing but loadouts ? Where did you get that insane idea ? We are talking about scripting hardcore stuff man...Loadouts ? Flosstradamus 1 Link to comment Share on other sites More sharing options...
Halvhjearne Posted February 19, 2014 Report Share Posted February 19, 2014 See what i mean....loadouts ? haha...you guys got no idea how to use custom sqls. Sorry for laughing but loadouts ? Where did you get that insane idea ? We are talking about scripting hardcore stuff man...Loadouts ? what else is it you want to use it for? generally thats what ppl want 999 calls for and nothing else really ... if you got other ideas, pls elaborate on this or i dont see any reason to vote yes Link to comment Share on other sites More sharing options...
Uro Posted February 19, 2014 Report Share Posted February 19, 2014 See what i mean....loadouts ? haha...you guys got no idea how to use custom sqls. Sorry for laughing but loadouts ? Where did you get that insane idea ? We are talking about scripting hardcore stuff man...Loadouts ? Why dont you make a fork of epoch on the github and develop your ideas on the 500-505 calls? Or make your own Hive.dll? They may one day be integrated into Epoch, you never know, stranger things have happened,.... Instead of being deconstructive and mocking posts within in your own poll. :huh: Link to comment Share on other sites More sharing options...
Sandbird Posted February 19, 2014 Author Report Share Posted February 19, 2014 what else is it you want to use it for? generally thats what ppl want 999 calls for and nothing else really ... if you got other ideas, pls elaborate on this or i dont see any reason to vote yes Sure i'll give you a few... - You can make dynamic events. Any text message, location, building, rewards can be hold there, and controlled by crontabs or php administration. (ex..expand EMS or missions with more missions easily....all database based.no need to compile, restart server...on the fly... Or another example: Depending on people online, load smaller missions for 10-20people on the server, larger for full, etc....) - Hide event coordinates from prying eyes from your mission.pbo....get the coordinates from the database ! - Just like dayzcommander does, i can extract info (deathscores, people online etc) from 'talking' to the server with sockets...with custom sql triggers embedded in the dayz_server.pbo, based on what i want...i cant enable/disable stuff while the game is running...no restarts, reediting files, etc...(ex: Like you said with the loadouts, but more advanced...reward a player that belongs to clan X and not clan Y (written in the database) during the weekends for having best score (for clanwars)) - I guess refreshing of objects like vaults etc with new lock code that was changed from a website could work as well. (Players can access their character/objects they have, like vaults, locks from a website and do stuff to them, then with triggers ingame, update the objects with the new stuff....no need to wait for restarts) - Create a low level admin panel like rcon, (without giving your rcon password to everyone....ffs...we cant even have admin levels in arma rcon) - Allow people from a website to send messages ingame. - Hell i can even control Teamspeak channels from an ingame dialog box if i want to....Have to list people in the channel when the box opens, select player, instead of buy/sell have kick/ban and send a mysql querry event to the sql server which will get executed by a linux system.....(see what i mean here? whatever. you want) -Hook it up to my Raspberry pi and open my REAL garage door when infact i am opening my garage door ingame... All this is SQL based stuff...but with triggers...All the server has to do is listen for the triggers (can be a table cell set to 1/0) and according to the table, select/execute/update stuff ingame and on the SQL server) I got some more ideas especially for debugging purposes..but i have to see if it will work with 999 calls to be sure. I dont want to say more..cause of security reasons like you say. But it would save (whoever is coding here...............) tons of hours with debugging (writing/start server/join/text/fail/redo the whole thing again). Its up to anyone's imagination really. Cant tell you how a fruit tastes unless i eat it first....Custom SQL has to be out first to fully see ideas and scripts out. ps:(i was kidding about the raspberry pi....although that wouldnt be so wrong :P) TheVampire 1 Link to comment Share on other sites More sharing options...
Sandbird Posted February 19, 2014 Author Report Share Posted February 19, 2014 Why dont you make a fork of epoch on the github and develop your ideas on the 500-505 calls? Or make your own Hive.dll? They may one day be integrated into Epoch, you never know, stranger things have happened,.... Instead of being deconstructive and mocking posts within in your own poll. :huh: You know what i dont get.....people's negativity....ignorance is not bliss in this case....Why say that you will vote no when : a ) you are defenetely not gonna use it b )f you dont like it.....then DONT GO to a server that HAS IT. Its as if you are saying....NO....lets not have nuclear power and cheap electricity cause maybe 1 country will be making nuclear weapons. Some admins see the potential to have 999 calls and want it...if you dont want it fine....have your vanilla dll....who cares...why block others for having it ? Cause they will have variety in their server ? Why do they feel threatened ? Its not that they wont HAVE an option...install the plain .dll then and feel safe. Whats the deal ? This is like saying "If i dont want it, then noone should have it" But like i was saying in my 2nd post...see the vote score....5/1...why ? cause there are only a handful of people that actually code here. maca has 999 calls, axe has 999 calls...what are they 'dumb' ? Why have it then ? And they've been having good and stable servers and write scripts and you guys use them ffs....do they get hacked ? sure...like all of us...that doesnt mean that its cause of the custom sqls. Link to comment Share on other sites More sharing options...
Uro Posted February 19, 2014 Report Share Posted February 19, 2014 You know what i dont get.....people's negativity....ignorance is not bliss in this case....Why say that you will vote no when : a ) you are defenetely not gonna use it b )f you dont like it.....then DONT GO to a server that HAS IT. Its as if you are saying....NO....lets not have nuclear power and cheap electricity cause maybe 1 country will be making nuclear weapons. Some admins see the potential to have 999 calls and want it...if you dont want it fine....have your vanilla dll....who cares...why block others for having it ? Cause they will have variety in their server ? Why do they feel threatened ? Its not that they wont HAVE an option...install the plain .dll then ? Whats the deal ? This is like saying "If i dont want it, then noone should have it" You seem to have missed my point entirely; Develop your own hive.dll for the custom things you want, there are others around here who have already done so. And I'm sure they'd be willing to assist you, if you approached them in the right manner. I'm hedging a bet here that the Epoch devs are pretty busy between Dayz Epoch and A3Epoch to re-write the hive.dll for things they have already said they aren't ever going to use in Dayz Epoch. Going by the sheer amount you've posted on the forums today, im not going to comment further, some people aren't worth the time. Good day sir. Link to comment Share on other sites More sharing options...
Sandbird Posted February 19, 2014 Author Report Share Posted February 19, 2014 ok bye bye vanilla. Akelorian 1 Link to comment Share on other sites More sharing options...
matt_d_rat Posted September 7, 2014 Report Share Posted September 7, 2014 +1 for this request. I am currently writing a new script for Epoch and from research assumed I could use CHILD:999 calls to talk to the custom database tables my script needs. Is there not a way to implement this to satisfy the requirements of all concerned parties? Link to comment Share on other sites More sharing options...
Sandbird Posted September 7, 2014 Author Report Share Posted September 7, 2014 +1 for this request. I am currently writing a new script for Epoch and from research assumed I could use CHILD:999 calls to talk to the custom database tables my script needs. Is there not a way to implement this to satisfy the requirements of all concerned parties? Use Arma2Net. By the time they decide to release a 999 dll it would be 2035 and we'll all be living a real dayz life. :P Check my signature for the 3d live mission. It uses Arma2Net. Its easy to extract the parts you need. You just need to do the arma2net steps and then look into the dayz_server folder server_functions.sqf on how to query the db. edit: i just saw you were the last person posting there...did you fix your bug ? Link to comment Share on other sites More sharing options...
f3cuk Posted September 7, 2014 Report Share Posted September 7, 2014 Yeah big +1 over here, please please please release the hiveext.dll with 999/998 support again, the 500 hundreds are useless cause you cant write. I'd like to be able to fiddle around with the epoch without having to rely on third party stuff that is either outdated, non-transparent or just not working. Link to comment Share on other sites More sharing options...
RimBlock Posted September 8, 2014 Report Share Posted September 8, 2014 Zupa made a hiveext.dll with 998/999 calls available in the single currency thread I am not using it and have not tested at all. VBAwol has flip / flopped on the subject a number of times on Github and I can see his point of... to an extent. Unfortunately just citing the age old "Its insecure" does not in anyway help quieten down the baying masses who would like to leverage it. I have adked VBAwol and a few others who trot out the "Its insecure" line what is so insecure that cannot be managed with server side sqf and DB security / restrictions and have yet to hear any sort of answer from anyone on this. TBH I think the problem is that Epoch is pitched or has evolved in to an almost 'one click' install meaning lots of people out there without very much technical knowledge are able to run their own servers. This has helped Epochs popularity greatly and I would imagine VBAwol and the other devs would like to keep this door open. Supplying a Hiveext.dll with 998 / 999 calls with Epoch opens up large risks for server owners without any grounding in DB security and server side sqf coding if they implement it or mods using it. This then causes massive knock-on effects support wise for the mod and is likely to damage its reputation. The dev team are stretched thin at the moment with the A3 Epoch work, the Twitch streaming. Pull requests and work on DayZ Epoch seems to have slowed down significantly (My A Plot for Life pull request is still sitting waiting for inclusion in the Epoch code ;) ;) devs....). Cant see anything official happening with the hive at all. There are also other options out there as well as using Zupas Hiveext.dll with the 998/999 calls. ARMA2Net is one which Sanbird has extensive knowledge of. For the people saying "Just go and make your own version.". The hiveext is built in c++ which is a whole new kettle of wax ( ;)) to scripting in sqf. A lot of people dont have the skill set and the majority dont have the time to learn it (myself included) and so we have to rely on others who do. f3cuk 1 Link to comment Share on other sites More sharing options...
f3cuk Posted September 8, 2014 Report Share Posted September 8, 2014 I guess he did, but i still think he made a bad decision when choosing not to include it in the final release. Imho it doesn't matter if it's insecure or not. Like you said if it's insecure, tell us why and tell us the possible pitfalls, don't restrict but teach. People are going to find other ways to do it, people have already found other ways to do it. Which has not resulted in making the situation any more secure, in fact, i think the situation is becoming less and less secure. Why? People want stuff like gold coins and they are just going to use that Hiveext.dll even if they have no clue of what's inside. The mere fact that you suggested it to me without having tested it or knowing what's inside supports that statement. Compiled C++ code cannot be decompiled, so there is no way of knowing what is inside those DLL files which automatically makes them a huge risk. The only thing not releasing 998/999 publicly has achieved is that we now have a lot of people working on essentially the same stuff and reinventing the wheel over and over again, whilst we could of had a lot of very talented people making mods based on those 998/999 calls and in the process getting better at making it secure as possible. RimBlock 1 Link to comment Share on other sites More sharing options...
RimBlock Posted September 8, 2014 Report Share Posted September 8, 2014 The mere fact that you suggested it to me without having tested it or knowing what's inside supports that statement. Which is why I made the statement (i.e. use at your own risk ;) ). Zupa made a link to the source code on the same page although it all comes down to trust in the end, in this case that the avaiable source code was used to compile the .dll. Also to note. Zupa has kindly made the compiled dlls available for people and this is not meant to be anything negative directed towards Zupa at all, more a highlight of the risks that exist using code from the internet in compiled form. For those who have not seen it, BIS have a page on safety considerations of using .dll (extentions) with ARMA here. Link to comment Share on other sites More sharing options...
Creep Posted September 8, 2014 Report Share Posted September 8, 2014 Something I mentioned a few days ago... maybe helpfull for the start Link to comment Share on other sites More sharing options...
f3cuk Posted September 8, 2014 Report Share Posted September 8, 2014 Which is why I made the statement (i.e. use at your own risk ;) ). Zupa made a link to the source code on the same page although it all comes down to trust in the end, in this case that the avaiable source code was used to compile the .dll. Also to note. Zupa has kindly made the compiled dlls available for people and this is not meant to be anything negative directed towards Zupa at all, more a highlight of the risks that exist using code from the internet in compiled form. For those who have not seen it, BIS have a page on safety considerations of using .dll (extentions) with ARMA here. I have not found any link to any source whatsoever? I know you didn't mean wrong by it, but the whole relying on 3th party dll (without source available) files is wrong to begin with. I'm not saying they aren't thrustworthy, just that it is not healthy having to rely on devs being just that. I'm am a full 100% sure if I release an easy to install fully working Single Currency mod including a custom Hiveext.dll that is malacious, people would download and install it on their server no questions asked. This is a huge security problem and far bigger then potential exploits on 998/999. If they are unwilling to release I may have to dive into this myself. Luckily the source from the current one is still available and I'm pretty sure i'll be able to implement custom 999/998 calls. The only thing bugging me is that I'm going to have to buy a ~500 dollar license for a product (Visual Studio) that I'll probably never use again. Also it brings me back to the reinventing wheel part cause this has already been done Link to comment Share on other sites More sharing options...
Sandbird Posted September 8, 2014 Author Report Share Posted September 8, 2014 A custom .dll with 999 calls also means for any future epoch release, people would have to wait for the developer to re-release a new dll for the latest version. That can cause problems if the developer stops 'playing' dayz. I saw something similar when epoch upgraded to 1.0.5 and people were waiting for maca to release a new dll for the multicharacter addon. Personally i dont want to do that....thats why i thought a proper custom dll from the epoch team on every release would be the best thing. A simple disclosure, "no support given for using the custom .dll, use at your own risk" would be enough i think to avoid 'support' issues......so the excuse 'we dont want to support it' doesnt make sense. I've said it before and i'll say it again.....all other dayz mods have 999 calls....and they are still active and without problems. We already got tons of hackers trying to hack through infistar's antihack.....as if a custom dll is going to do things much worse. Make a new db user, that has access only to the custom table and thats it....all other excuses are BS, IMHO Link to comment Share on other sites More sharing options...
RimBlock Posted September 8, 2014 Report Share Posted September 8, 2014 I have not found any link to any source whatsoever? I know you didn't mean wrong by it, but the whole relying on 3th party dll (without source available) files is wrong to begin with. I'm not saying they aren't thrustworthy, just that it is not healthy having to rely on devs being just that. I'm am a full 100% sure if I release an easy to install fully working Single Currency mod including a custom Hiveext.dll that is malacious, people would download and install it on their server no questions asked. This is a huge security problem and far bigger then potential exploits on 998/999. If they are unwilling to release I may have to dive into this myself. Luckily the source from the current one is still available and I'm pretty sure i'll be able to implement custom 999/998 calls. The only thing bugging me is that I'm going to have to buy a ~500 dollar license for a product (Visual Studio) that I'll probably never use again. Also it brings me back to the reinventing wheel part cause this has already been done On the link I posted is a line "Unofficial source files with 999 for epoch hive:" with a link underneath. It links to rajkostos original source from which the Epoch hive .dll is taken. THis code still has the 998 / 999 calls in it. Fully agree with published .dlls without source and without compiling yourself unless it is from a trusted source. For compilation, install Visual Studio Express for Desktop (scroll down the page). It is free. Ongoing dev work is a big concern if using a .dll not aligned to the mod as Sanbird says which can be a big problem with locked down calls. @Sanbird, that would be fine in a world where everyone was 100% open and hones. How many people wouldn't mention the fact they are using the 998 / 999 .dll when asking for support knowing they would not get any if they did.... My intention is not to side with anyone or view really (just seems like flogging a dead horse TBH as the Epoch team have made their views clear), it was just to mention that there are sets of code and compiled .dlls out there if people wish to take the risk in using them. I will not be using the hiveext.dll for my own servers mods anymore. Link to comment Share on other sites More sharing options...
f3cuk Posted September 8, 2014 Report Share Posted September 8, 2014 On the link I posted is a line "Unofficial source files with 999 for epoch hive:" with a link underneath. It links to rajkostos original source from which the Epoch hive .dll is taken. THis code still has the 998 / 999 calls in it. Fully agree with published .dlls without source and without compiling yourself unless it is from a trusted source. For compilation, install Visual Studio Express for Desktop (scroll down the page). It is free. Ongoing dev work is a big concern if using a .dll not aligned to the mod as Sanbird says which can be a big problem with locked down calls. We could make a public one which will be is maintained by the community (and always has the source available on github). Any mod maker should be able to do a pull request in which childs can be added to support their mods. The community could check the changes, decide if they are any good and release a new dll when they get accepted. On git it says you need "Visual Studio 2012 Update 4" or higher to compile the Hiveext.dll. Microsoft Visual Studio Express seems to have Update 3. I'll try but chances are it won't work. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now