CivPlatform/map-sync

Consider limiting to a single sync connection

Protonull opened this issue · 1 comments

Protonull commented

Currently, for each Minecraft server, you can connect to and sync with multiple MapSync servers. This is great in theory as it allows players to source their map data from multiple places, however, in practice, this is difficult to maintain.

It creates the means for players/servers to taint other player's/server's maps in real time

This is not made impossible by limiting clients to a single sync connection, but it does as friction. Also, the sync server itself needn't be malicious. Imagine if, during the last war, PhysicsGamer had a Temporal Isles sync server. And say some Icenians were still connected to it from when it was an Icenian state. And say Icenia also has a sync server. PhysicsGamer could then send tainted chunks to his Temporal Isles sync server and those chunks would be relayed to the Icenian sync server. This could become an attack vector to obfuscate or white-out keys areas of the map, or even the whole map.

There are ways to combat something like this, like not sending map data to sync servers that came from other sync servers, but this isn't currently tracked. Or enforced. Sync servers do not do any kind of validation. It's almost surprising this hasn't happened yet, except by accident with creative-server chunks.

Any memory issues are compounded

Any places where MapSync is holding data permanently in memory per-server are multiplied by however many servers people are connected to.

Any synchronisation/threading issues are compounded

Same as above.

Gjum commented

I don't agree with your attack scenario; when you connect to any MapSync server, you trust it, and when that trust stops, you should remove it for a variety of reasons. This remains true even if the client only allows a single MapSync server.
The MapSync server does keep track of who submitted what map data, and server owners are responsible for detecting malicious users and rolling back their data, and issuing the previous corresponding data of each chunk to the users. There are currently no tools to do this, though.

As a quick fix for your other points, you could add an entry in the GUI/Readme that informs the users about these tradeoffs and allows them to decide whether to use one or multiple MapSync servers according to their own needs.