Sudo suggestion

Kommentarer

39 kommentarer

  • ProfessorPixel

    i could see this being implemented but it should have some restrictions like owner only or somthin like that.

    you could use it to send messages as bots or harmless trolls or whatever. there could be a cooldown limit for usage even for the owner

     

    8
    Kommentarsåtgärder Permanent länk
  • ıllıllı 𝙳𝙹 𝚉𝚒𝚝𝚔𝚊 ıllıllı

    That's a awesome idea! You could have so much fun trolling people with it! 

    7
    Kommentarsåtgärder Permanent länk
  • Sky_Dragonsz

    If it was something like this I wouldn't mind it as much

    But if it's something like this then this will be a huge problem, the other user doesn't know that you got sudo-ed. audit log is only accessible for admins of the server and you just ruined a friendship with an other person. 

    Also, the voting option is people expressing their opinion about this, you can't just say "Don't downvote this, its a great idea", the voting is here for a reason!

     

    TL;DR: I'm fine with the first picture, but if its something like the second one then I'm absolutely down voting this. 

    7
    Kommentarsåtgärder Permanent länk
  • Mr.Mask

    Seriosly i would not like downvotes without a comment

    6
    Kommentarsåtgärder Permanent länk
  • Mr.Mask

    It is like for used to test permisions and Trolling

    it would be an owner-only thngi or added on a permision

    6
    Kommentarsåtgärder Permanent länk
  • Reさ

    I also think the owner is the only one who may have permissions to do it, and you can already get a bot to say harmful things like make a custom command with it 

    3
    Kommentarsåtgärder Permanent länk
  • Bigman Ronald

    I would love to see that ability in a troll bot but realistically no one would make that if it could easily be abused

    3
    Kommentarsåtgärder Permanent länk
  • PiggyPlex

    You're all upvoting this because THEORETICALLY it sounds like a nice idea, and would add to trolling.

    Building off of Sky_Dragonsz's point, it would fundamentally be a good idea, if people were aware of it. This currently kind-of exists; you can use the Discord API to send a webhook with a person's username and avatar and send a message through it. It would look like the user except with a bot tag next to it.

    This could be used abusively, such as making members say things harmful or hurtful (i.e. to get them banned; can ruin friendships; distrusts the whole trust system).

    I also believe that some of you have not quite read what it says fully. It says that the endpoint should allow simulation of any action/endpoint on the Discord API. Like I said previously, this is exactly like send requests to the Discord API Endpoints using another person's token. It is effectively, for those knowing little about APIs, handing out your account blindly for anyone to do anything. The suggestion does not state that only server owners should be able to do it, nor that only in certain guilds or guilds with certain settings. It merely states that bots and users should have an endpoint to spoof any user's action through a new, specific endpoint.

    On a security perspective, this would break Discord. It would allow anyone to fake action(s) within a given server, or globally. This could allow for fake messages which would break the Discord ToS, and possibly get a person's account locked, or promote server-banned behaviour, getting a person banned. It could also allow illegal actions, which would be followed up - only for law-enforcement agencies and/or Discord to realise it was an abuse of a sudo endpoint. Whilst sounding like a good idea, I'm strongly against this idea. It's sound is a good idea, however the implementation is just like I said previously: giving your account away.

    Discord have been working on security itself for ages now, just for a sudo command to be implemented, breaking it? They've done fixes, such as hiding your token (or at least making it harder to find), not storing it in plaintext over your temporary/cache files, as well as many other small changes. That would be all for nothing if someone could physically use your account against your will or knowledge.

    Also, if it was an API Endpoint which you are suggesting, how would a user use it? Remember, it is prohibited for a user to make (automated) requests outside of the Discord client in an unauthentic way using a user token. You would be promoting a whole dialog to be added to the Discord client, just for sudo'ing.

    By a developer's perspective, both the idea and the suggested code is of a malformed syntax. The given code:

    msg.sudo('userid','action')

    alone makes no sense. For the demonstration, I'm going to assume that you mean that this would be the code which Discord.JS, a popular Node.js library would implement into their package as a wrapper to access the endpoint.

    Firstly, you should state which library that should be from. As you can see, I'm taking a wild guess. It could also be many other libraries, including Discord.PY (and its rewrite).

     You should also pay attention that msg most likely stands for the message which is given in the message client event (<Discord.Client>.on('message', (msg) => { ... });). I would personally bind this to either the <User>.sudo(<Guild>, message), where typeof message == 'string', or <GuildMember>.sudo(message). Even <Guild>.sudo(<UserResolvable>, message) would, in theory, work. The syntax would make much more sense.

    Lastly, please note that this is general suggestions or ideas to be added to the Discord API in general, as opposed to for one library. If you were to add code examples, please state for which library, or even suggest endpoint URLs directly - generic for any language.

    The only way I'd see this implemented if there were logs, and user agreement by the person's account who another person wishes to sudo. You would have to give specific access to that user within that guild, and actions would be limited to sending messages only. I'm surprised no-one came up with this idea yet, however it makes the most sense to me personally. Let me know what you think.

    TL;DR: Sudo is not a secure nor good idea, unless the user agrees by server and per user, along with sudo logs (and possibly alerts) so the user being sudo'd is aware. Having a special tag defeats the purpose of sudo (and technically exists by using Webhooks).

    3
    Kommentarsåtgärder Permanent länk
  • xXCyberDarlekXx

    Mr.Mask this in an awful idea. Just because you like the idea and want to troll people does not mean people should agree.

    2
    Kommentarsåtgärder Permanent länk
  • Sky_Dragonsz

    The only way I see this implemented is:

    • if the server has 2FA enabled
    • with a cooldown of at least 30 seconds
    • that the user that is getting sudo-ed gets a notification of what is happening to him (only visible to him)
    • it getting logged in the audit 

    BUT only then I will see this implemented. Otherwise its a huge risk. 

    2
    Kommentarsåtgärder Permanent länk
  • Scottieboy1794

    It’s not a huge risk if your not an idiot and allow people that you don’t trust have access to it. You guys seems to not run servers.
    - You can set up roles to where non admins can’t do commands.
    - Sudo would only be used by admins/owner unless your dumb enough to give it permission to anyone then that’s a you prob.
    - If you set up rules and roles then you won’t have any issues.

    2
    Kommentarsåtgärder Permanent länk
  • yande the chickmin

    maybye /sudo [user] [command thingy] like minecraft sudo?

    and in role settings a mabye a switch that says "can use sudo"

    yes?

    2
    Kommentarsåtgärder Permanent länk
  • DingleFlop

    This suggestion is just plain bad. There's no realistic use-case for this that doesn't relate to trolling.

    1
    Kommentarsåtgärder Permanent länk
  • 8305

    imo the sudo command is a great idea and that would be only used by certain roles that way its not abuseble in any way

     

    1
    Kommentarsåtgärder Permanent länk
  • TIMOL

    It would be a nice idea. Just a couple ideas of limitation. A Cooldown would be nice, and a view of the audit log, of course, so even if the owner does use the command to abuse, then the admins can Screenshoot the thing and report it for abuse to disscord.

    1
    Kommentarsåtgärder Permanent länk
  • Mr.Mask

    Lots of people do say they want it and others really dont

    I know why you people say its bad it is because abuse or it will end other relation ships and then like everyone having access or something but ill do a pros and cons

    Cons:
    Might end friendships
    ends clean records of rule breaking (what i mean is if someone has a cleanr ecord of no rules broken and its broken cuz sudo)

    Pros:
    Trolling
    YT CONTENT
    TTV CONTENT
    Other user reactions
    Other bots using this (As marketing maybe)

    IF ADDED:
    Cool down
    a sudoed badge
    User being sudoed gets a small notification

    1
    Kommentarsåtgärder Permanent länk
  • MrCreepSheep

    To be honest, this could be abused for servers. But, ya gotta agree with me. Sudoing would be awesome. Also abusing wouldn't be hard to spot as a sudo badge could be there, but if not, their name color would be different. But you can toggle badges or color changes from sudoes in the server settings so trolling can still be hidden from others. Also certain roles can see the changes as well and a sudoed person get a DM when they are sudoed.

    1
    Kommentarsåtgärder Permanent länk
  • Faces alt!

    This whould be fun but it is fair that only the owner has perms and the things with 2FA or something

    Sky_Dragonz said the rules and perms

    1
    Kommentarsåtgärder Permanent länk
  • Ace_Face ✔

    Stop downvoting, this could be used for actual emergencies
    like what if you get hacked and you sudo yourself on an alt to say im hacked

    1
    Kommentarsåtgärder Permanent länk
  • Sky_Dragonsz

    10 minute mail, also gmail accounts are free and making one is 1 minute of work. 

    I have a spare gmail account for sites I don't trust or for test purposes. 

     

    "It is like for used to test permisions and Trolling

    How are you going to test permissions with a sudo command?

    Ask a friend to join your server and take control over him with sudo? Why not directly asking him what to do and getting live feedback. 

     

    That's why I suggested an extra account for test purposes. 

     

     

    0
    Kommentarsåtgärder Permanent länk
  • Sky_Dragonsz

    Reさ, if a bot says harmful things its fine, you can just ban the bot, but with the sudo command you will not know if it was the owner that forced someone else to say those things or if it was the user that said that. 

     

    0
    Kommentarsåtgärder Permanent länk
  • Mr.Mask

    it would be logged onto audit log Sky_dragonz
    i suggest this idea is great and say that noboy should every time downvote it

    0
    Kommentarsåtgärder Permanent länk
  • thienbao860

    Have you ever thought about negative cause related to the suggestion you have? People here literally suggest you some harmfulness there, but you just keep trying to deny it. There are millions of people who are using Discord, and any type: good, bad, evil, childlish, etc. And I never think Discord will give a special feature random only to your ordinary guild. Don't just think about yourself; think about the others who got this feature and their complainment in the future

    Also, by you're saying: "Upvote this, don't downvote, etc.." is completely childlish. The voting system is for the expression the user given to the idea, not by the mean you will hunt down one by one you see them "hateful" to you because of the downvote. I hope you understand this. Also, I will not reply back whether you still want to hunt me or not. I'm just giving a downvote for this.

    0
    Kommentarsåtgärder Permanent länk
  • Scottieboy1794

    I would vote for a bot to sudo it’ll help with bots that can’t work without a person calling the command. As an example I would like for a bot I use to run a command for another bot with less work load but the other bot requires a person to run the command. I use Charlemagne for destiny 2 clan contributions and with the amount of people I rather one line instead of me doing everyone individually it’ll run the command by sudoing me when I tell it to. Plus make it owner only or admins based and then you don’t have to worry about other people trolling. It’s not that hard to keep others from trolling unless you want them too.

    0
    Kommentarsåtgärder Permanent länk
  • mohannad1220

    I think you can see if its sudo through a small detail and it changes every week

    0
    Kommentarsåtgärder Permanent länk
  • Mr.Mask

    noone cares. I made this like a year ago. Do u think I care?

    0
    Kommentarsåtgärder Permanent länk
  • thienbao860

    That's rude...

    0
    Kommentarsåtgärder Permanent länk
  • ø,¸¸,ø¤º° 𝑒𝓇Rᵒŕ °º¤ø,

    GREAT IDEA. IVE ALWAYS WANTEWD /SUDO

    0
    Kommentarsåtgärder Permanent länk
  • Sky_Dragonsz

    Its funny that you suddenly feel attacked because people think this is a bad idea/suggestion. They don't mean you are bad, so why the name calling? 

    Testing permissions can easily be done with an alt account (yes, I know you are lazy to make an alt even with 10 minute mail) or even asking a friend (that you want to force to sudo) to test the permissions. 

     

    I feel like this idea originated from the sudo command you can use on minecraft (with plugins), but on minecraft it is fine to use it. You can't do much harm on minecraft.  

    -1
    Kommentarsåtgärder Permanent länk
  • Mr.Mask

    you do know that 10minute mail dosent work on discord anymore it asks for phone number

    -1
    Kommentarsåtgärder Permanent länk

Du måste logga in om du vill lämna en kommentar.