Security Note: Communication with Flash is inherently insecure. pnFlashGames provides no perfectly reliable means of being certain that data received by this module is actually being sent by the flash game. However, an experimental secure mode is now provided that may improve security.

Does the above imply security related to cheating scores OR general website security?
Can installing arcade with pnflash games hamper Drupal security in any way?
BTW Choosing secure mode option per game almost always gives error and fails to store scores.

How can access to arcade be restricted to auth users ONLY - currently there is no such option in "Permissions" ? Can this be done by adding one or two lines to the module without having to install another extra module ?

Comments

matt2000’s picture

matt2000 commented

Security note is related to storing scores only. I'm not aware of arcade module causing any vulnerabilities for Drupal in general.

Easiest way is to restrict access is to use another module, like node_privacy_by_role .

matt2000’s picture

matt2000 commented
Status: Active » Closed (works as designed)
kaakuu’s picture

kaakuu commented

Without yet another module is what I was thinking.

I tried / am trying

if (($data === FALSE) || ($user->uid = 0)){
      $data = array();
      drupal_set_message(t('Unable to load flash node data for node @node.'

However, not with success - either it does not load for all users or loads for all users.

Thanks for your replies.

kaakuu’s picture

kaakuu commented

Hmm.

    global $user;
    if ($user->uid < 1){
      $data = array();
      drupal_set_message(t('Unable to load flash node data for node @node.', array('@node' => $node->nid)), 'error');
    }

This seems to restrict flash games (via flashnode.module) only to auth users.
b u t I do not know if it is working for all registered users
a n d whether this is okay to do this, will not break security or anything else.

Do you think this is okay ?