Clients have the ability to change literally every ExtraData config of the server. And further, they can register false entries - if for example extra data for display configuration with 3 pegs do not exist yet, it can be registered with the wrong data type. The cause of this is that until the SUCC file for that extra data is deleted - it is not possible to use the 3 peg displays - as the server will ignore requests and possibly throw exceptions.
In my case, I was able to edit the world floor for everyone connected to the server (server owners gonna love my party trick!) - While I have a way to “undo” my change - other malicious users won’t have that…
Issue is related to my request to restrict the change of simulation.
Good thoughts. ExtraData is a bit of a messy system at the moment, it needs cleanup.