Sudo suggestion
I wish we could add a sudo thing for the Api like
This would be an example
msg.sudo('userid','action')
Be aware this is not yet a thing and i would love it that even users and bots could do sudo action
-
i could see this being implemented but it should have some restrictions like owner only or somthin like that.
you could use it to send messages as bots or harmless trolls or whatever. there could be a cooldown limit for usage even for the owner
8 -
That's a awesome idea! You could have so much fun trolling people with it!
8 -
If it was something like this I wouldn't mind it as much
But if it's something like this then this will be a huge problem, the other user doesn't know that you got sudo-ed. audit log is only accessible for admins of the server and you just ruined a friendship with an other person.
Also, the voting option is people expressing their opinion about this, you can't just say "Don't downvote this, its a great idea", the voting is here for a reason!
TL;DR: I'm fine with the first picture, but if its something like the second one then I'm absolutely down voting this.
8 -
Seriosly i would not like downvotes without a comment
5 -
It is like for used to test permisions and Trolling
it would be an owner-only thngi or added on a permision
4 -
I also think the owner is the only one who may have permissions to do it, and you can already get a bot to say harmful things like make a custom command with it
3 -
Mr.Mask this in an awful idea. Just because you like the idea and want to troll people does not mean people should agree.
3 -
I would love to see that ability in a troll bot but realistically no one would make that if it could easily be abused
3 -
The only way I see this implemented is:
- if the server has 2FA enabled
- with a cooldown of at least 30 seconds
- that the user that is getting sudo-ed gets a notification of what is happening to him (only visible to him)
- it getting logged in the audit
BUT only then I will see this implemented. Otherwise its a huge risk.
3 -
You're all upvoting this because THEORETICALLY it sounds like a nice idea, and would add to trolling.
Building off of Sky_Dragonsz's point, it would fundamentally be a good idea, if people were aware of it. This currently kind-of exists; you can use the Discord API to send a webhook with a person's username and avatar and send a message through it. It would look like the user except with a bot tag next to it.
This could be used abusively, such as making members say things harmful or hurtful (i.e. to get them banned; can ruin friendships; distrusts the whole trust system).
I also believe that some of you have not quite read what it says fully. It says that the endpoint should allow simulation of any action/endpoint on the Discord API. Like I said previously, this is exactly like send requests to the Discord API Endpoints using another person's token. It is effectively, for those knowing little about APIs, handing out your account blindly for anyone to do anything. The suggestion does not state that only server owners should be able to do it, nor that only in certain guilds or guilds with certain settings. It merely states that bots and users should have an endpoint to spoof any user's action through a new, specific endpoint.
On a security perspective, this would break Discord. It would allow anyone to fake action(s) within a given server, or globally. This could allow for fake messages which would break the Discord ToS, and possibly get a person's account locked, or promote server-banned behaviour, getting a person banned. It could also allow illegal actions, which would be followed up - only for law-enforcement agencies and/or Discord to realise it was an abuse of a sudo endpoint. Whilst sounding like a good idea, I'm strongly against this idea. It's sound is a good idea, however the implementation is just like I said previously: giving your account away.
Discord have been working on security itself for ages now, just for a sudo command to be implemented, breaking it? They've done fixes, such as hiding your token (or at least making it harder to find), not storing it in plaintext over your temporary/cache files, as well as many other small changes. That would be all for nothing if someone could physically use your account against your will or knowledge.
Also, if it was an API Endpoint which you are suggesting, how would a user use it? Remember, it is prohibited for a user to make (automated) requests outside of the Discord client in an unauthentic way using a user token. You would be promoting a whole dialog to be added to the Discord client, just for sudo'ing.
By a developer's perspective, both the idea and the suggested code is of a malformed syntax. The given code:
msg.sudo('userid','action')
alone makes no sense. For the demonstration, I'm going to assume that you mean that this would be the code which Discord.JS, a popular Node.js library would implement into their package as a wrapper to access the endpoint.
Firstly, you should state which library that should be from. As you can see, I'm taking a wild guess. It could also be many other libraries, including Discord.PY (and its rewrite).
You should also pay attention that msg most likely stands for the message which is given in the message client event (<Discord.Client>.on('message', (msg) => { ... });). I would personally bind this to either the <User>.sudo(<Guild>, message), where typeof message == 'string', or <GuildMember>.sudo(message). Even <Guild>.sudo(<UserResolvable>, message) would, in theory, work. The syntax would make much more sense.
Lastly, please note that this is general suggestions or ideas to be added to the Discord API in general, as opposed to for one library. If you were to add code examples, please state for which library, or even suggest endpoint URLs directly - generic for any language.
The only way I'd see this implemented if there were logs, and user agreement by the person's account who another person wishes to sudo. You would have to give specific access to that user within that guild, and actions would be limited to sending messages only. I'm surprised no-one came up with this idea yet, however it makes the most sense to me personally. Let me know what you think.
TL;DR: Sudo is not a secure nor good idea, unless the user agrees by server and per user, along with sudo logs (and possibly alerts) so the user being sudo'd is aware. Having a special tag defeats the purpose of sudo (and technically exists by using Webhooks).
3 -
It’s not a huge risk if your not an idiot and allow people that you don’t trust have access to it. You guys seems to not run servers.
- You can set up roles to where non admins can’t do commands.
- Sudo would only be used by admins/owner unless your dumb enough to give it permission to anyone then that’s a you prob.
- If you set up rules and roles then you won’t have any issues.2 -
maybye /sudo [user] [command thingy] like minecraft sudo?
and in role settings a mabye a switch that says "can use sudo"
yes?
2 -
10 minute mail, also gmail accounts are free and making one is 1 minute of work.
I have a spare gmail account for sites I don't trust or for test purposes.
"It is like for used to test permisions and Trolling"
How are you going to test permissions with a sudo command?
Ask a friend to join your server and take control over him with sudo? Why not directly asking him what to do and getting live feedback.
That's why I suggested an extra account for test purposes.
1 -
Reさ, if a bot says harmful things its fine, you can just ban the bot, but with the sudo command you will not know if it was the owner that forced someone else to say those things or if it was the user that said that.
1 -
This suggestion is just plain bad. There's no realistic use-case for this that doesn't relate to trolling.
1 -
Lots of people do say they want it and others really dont
I know why you people say its bad it is because abuse or it will end other relation ships and then like everyone having access or something but ill do a pros and cons
Cons:
Might end friendships
ends clean records of rule breaking (what i mean is if someone has a cleanr ecord of no rules broken and its broken cuz sudo)Pros:
Trolling
YT CONTENT
TTV CONTENT
Other user reactions
Other bots using this (As marketing maybe)IF ADDED:
Cool down
a sudoed badge
User being sudoed gets a small notification1 -
That's rude...
1 -
Stop downvoting, this could be used for actual emergencies
like what if you get hacked and you sudo yourself on an alt to say im hacked1 -
it would be logged onto audit log Sky_dragonz
i suggest this idea is great and say that noboy should every time downvote it0 -
Its funny that you suddenly feel attacked because people think this is a bad idea/suggestion. They don't mean you are bad, so why the name calling?
Testing permissions can easily be done with an alt account (yes, I know you are lazy to make an alt even with 10 minute mail) or even asking a friend (that you want to force to sudo) to test the permissions.
I feel like this idea originated from the sudo command you can use on minecraft (with plugins), but on minecraft it is fine to use it. You can't do much harm on minecraft.
0 -
Have you ever thought about negative cause related to the suggestion you have? People here literally suggest you some harmfulness there, but you just keep trying to deny it. There are millions of people who are using Discord, and any type: good, bad, evil, childlish, etc. And I never think Discord will give a special feature random only to your ordinary guild. Don't just think about yourself; think about the others who got this feature and their complainment in the future
Also, by you're saying: "Upvote this, don't downvote, etc.." is completely childlish. The voting system is for the expression the user given to the idea, not by the mean you will hunt down one by one you see them "hateful" to you because of the downvote. I hope you understand this. Also, I will not reply back whether you still want to hunt me or not. I'm just giving a downvote for this.
0 -
I would vote for a bot to sudo it’ll help with bots that can’t work without a person calling the command. As an example I would like for a bot I use to run a command for another bot with less work load but the other bot requires a person to run the command. I use Charlemagne for destiny 2 clan contributions and with the amount of people I rather one line instead of me doing everyone individually it’ll run the command by sudoing me when I tell it to. Plus make it owner only or admins based and then you don’t have to worry about other people trolling. It’s not that hard to keep others from trolling unless you want them too.
0 -
imo the sudo command is a great idea and that would be only used by certain roles that way its not abuseble in any way
0 -
It would be a nice idea. Just a couple ideas of limitation. A Cooldown would be nice, and a view of the audit log, of course, so even if the owner does use the command to abuse, then the admins can Screenshoot the thing and report it for abuse to disscord.
0 -
I think you can see if its sudo through a small detail and it changes every week
0 -
To be honest, this could be abused for servers. But, ya gotta agree with me. Sudoing would be awesome. Also abusing wouldn't be hard to spot as a sudo badge could be there, but if not, their name color would be different. But you can toggle badges or color changes from sudoes in the server settings so trolling can still be hidden from others. Also certain roles can see the changes as well and a sudoed person get a DM when they are sudoed.
0 -
This whould be fun but it is fair that only the owner has perms and the things with 2FA or something
Sky_Dragonz said the rules and perms
0 -
For some reason people aren’t reading it’ll be best to have this for admins/owners only. It’s not like we are idiots to give this power to random people unless your an idiot who doesn’t set up their bots correctly or doesn’t even know how to make it where general public can’t just mess with bots at random. Sudo would do lovely for discord in the right hands if admins or owners are trolling people and the people don’t like it then leave the server not a hard concept.
0 -
GREAT IDEA. IVE ALWAYS WANTEWD /SUDO
0 -
Well, I for one like this suggestion, I believe it would need to be its own separate permission, but this seems like an amazing idea I've actually been looking for and need.
0
Please sign in to leave a comment.
Comments
41 comments