Everything is in the summary.
The server will not check ( yet ? ) if your .pbo are in order.
It means that you can delete the .pbo files of your choice and get a game without trees, or specific buildings, which of course is absolutely broken and make encounters even more unreliable than they are actually.
This is a critical issue wich can, and will, lead to huge exploits and should be considered like one.
( Steam / steamapps / common / DayZ / addons )
( plants2_plant, plants2_tree, etc )
This was solved in Arma 2 by setting verifySignatures = 2; in the server config. This simply does not allow people to join without those files.
Will test on our server soon and report back.
This needs to be voted up, this must be the most important issue i've seen on here so far.
+1 Needs fixing.
Managed to drop a backpack into a position between two trees where it wasn't accessible because of the trees clipping over it. We don't have tents so was trying to make a temp cache. Removed all trees, and was able to retrieve backpack.
(Trees are all back, btw.) [Didn't matter. Was hit by a server restart and character wiped on reconnect (unrelated)].
Well I tried to change our servers config but at the minute they are read only. I've submitted a ticked to see if either they can change it or let the owners of the server change it. Will report back tomorrow as soon as I get a reply.
Sorry for the lack of comms, this Christmas thing isn't all it's cracked up to be!
Ok update time.
Our server provider has given us the option of setting a custom verifySignatures = option. We have set it to 2 but in the actual config it reads as verifySignatures = $$sv_pure$$; not verifySignatures = 2; as it should be. I've asked them to change it to that to test with as currently using verifySignatures = $$sv_pure$$; you are still able to join the server without the files.
Updated update. Setting verifySignatures = 2; still DOES NOT WORK!
I completely forgot about this but the devs need to add in the correct .bikeys for the .pbo files that the game uses.
Setting verifySignatures = 2; will stop anyone from joining your server.
Nothing we can do to stop this, devs need to go onto this ASAP so vote this up guys.
They locked it to manage the server load. With this option enabled the servers have to check every players files individually which takes considerable power. Hope it will soon be enabled. And that everybody plays fair up till then.
There is a way to bypass signature verification that is already going around, people are simply moving the plants / buildings PBOs back into their original folders before joining servers. Since initial asset loading is handled before server side checks and battleye are enabled, neither of these seem to catch this method.