Can someone break into a Leomund’s Tiny Hut via the Ethereal Plane?

I’ve got players who rely heavily on Leomund’s Tiny hut for a “safe” night time rest. I’m alright with them using it to help, but it gets irritating having a wrench thrown into my nighttime attacks. I have found some ways to deal such as Dispel Magic or having something camp them. One time, I even attacked and killed their horses which were outside the hut. I was going to try a burrowing creature but SageAdvice put forward that there IS a floor in the hut. That’s when I came across the Phase Spider. So the question:

Could something move into the Ethereal Plane, get to an area that would be inside Leomund’s Tiny Hut, and then move back to the Material Plane?

Is there a name for using a web site email feature to harass someone or the site?

The scenario is that a website has a password recovery feature: you enter your email and if you have an account with that email, it sends you a recovery link.

But then someone writes a script that requests a recovery every 5 seconds all day long and gives someone else’s email to:

  • harass that person
  • waste site resources sending emails
  • get the site blacklisted as a spammer
  • other unpleasant consequences

To be clear, the attacker doesn’t compromise the site, but just causes grief of different kinds via that site emailer channel. Does this have a name?

How would someone XSS into a WebView? iOS/Android

On the internet several articles exist about XSS vulnerabilities of using an Android/iOS WebView. I understand the main concept of XSS; on a regular website it could be achieved by for example redirecting someone to a URL with a manipulated query string in it.

But how would someone start an XSS attack on a WebView. I can think of one example myself: The app makes use of a deeplink/universal link. With the help of this universal link the app opens and an intent will load the requested page. When a user then clicks on a universal link like https://example.com/openpage/bar?query=<script>alert('XSS');</script> and the developer was really lazy this could result in XSS. But this is pretty easy to counter. And thus is nothing to get too scared about.

Of course a Server XSS Attack is also possible. But I mean Client XSS

Can you think of any other ways to exploit XSS? Because if the one I mentioned is the only one, I think the risk of an XSS attack on a WebView is minimal.

Need someone to create a web hosting service

Hi,
I need someone to create a fully functioning web hosting service. including front end and whmcs.

need to use something from themeforest. https://themeforest.net/search/whmcs
we will provide them for you. just select which one and we will buy a license.

need someone who has experience.
PM me with the cost and time. title your PM "web hosting project"
thanks.

Looking for someone to give me advice about an app idea

Basically, long story short… I have an app idea. I don not wish to disclose it in the open for obvious reasons. Basically I am just looking for someone to give me some advice and to get your personal opinion on it. the app is just an idea at the moment but I am determined to build it and make it a reality. The app is retail based so maybe someone with retail experience could help…but not compulsory.

If you are interested PLEASE message me on Instagram @trolleze Or by replying to this thread. Thank you in advance, Sam

Learning spells from someone else’s spellbook and then selling it?

Learning spells from someone else’s spellbook and then selling it?

Basically, the character is a Spellcaster and he decided to visit a library in the town they’re currently staying at to find spellbooks or scrolls. I had him roll a die to determine what spells he would find. He rolled a 20 and just to annoy him a little (We are friends so it’s fine) I gave him a level 9 spell.

Now, at the time I had no idea that Spells level 9 can cost up to 50 thousand gold pieces and I also didn’t think that it was that big of a deal. In a nutshell, the character sold the book for 40 thousand gp but before he did it, he copied the spell into his own spellbook.

The money isn’t that big of a deal as the campaign won’t change drastically, but my concern is whether a character can copy a spell they find in their own spellbook and then get rid of the source.


Note: This is my first time DMing.