02-21-2008, 06:21 PM
As you probably know, MTA allows both server- as client-side scripts. There is however one large security with this: for per-player minigames, as for example the idea's for a training minigame I've posted in the VIP forums, the entire minigame needs to be available on the player's installation. This means the file itself gets posted on his/her harddrive, and using a simple copy-/paste people will be able to use it for their own servers.
Ofcourse this isn't something we want, therefore I'd like to use this topic as a place to discuss how we're going to make sure this doesn't happen. If you have any idea, no matter how rediculous it is, on how to implement some security, please post it in this thread and we'll discuss it later on.
Idea's coming from myself:
Any other idea's so far?
Ofcourse this isn't something we want, therefore I'd like to use this topic as a place to discuss how we're going to make sure this doesn't happen. If you have any idea, no matter how rediculous it is, on how to implement some security, please post it in this thread and we'll discuss it later on.
Idea's coming from myself:
- Compiling all client-side scripts
LUA allows you to compile scripts prior to actually using them, which is exactly what we'll be doing. All scripts running on the server which will have client-side impact must be compiled at all times, to prevent people from easily copying them. There are, however, ways to decode these scripts, as easy as the click of a button, so we might have to look for some kind of encryption to include with them.
- Using security-tokens
Before a script may actually run, I think it's a wise idea to send a specific token to the server to check whether we're actually allowed to run the script. Lock everything until we're allowed to run. Even if people copy-/paste the script onto their own servers, they won't be able to run it due to our token-system.
Any other idea's so far?