 |
talonnb
Apprentice
Joined: 30 Oct 2004
Posts: 127
|
 Posted: Thu May 13, 2010 4:28 am
Passwording your code
|
Out of curiosity, since I publish my trigger system to multiple people and I would 'prefer' to charge to have access to it, is there a way to have some kind of password set up for the system? I've seen #AFK, but anyone could turn off trigs prior to connecting and just kill it.
What would be nice, if you feel like creating it Zugg, is some way for the library to have a section for code you sync each time you open Cmud, but have it require a password for access. I really don't want to have to code in self-destruct code into my system just to suit my needs if there's a command or something I can throw in. |
|
|
|
|
Rorso
Wizard
Joined: 14 Oct 2000
Posts: 1368
|
Posted: Thu May 13, 2010 10:12 pm
|
If you charge people for the "trigger system" you mean you make profit from the triggers like money?
A simple password wouldn't protect triggers as you could just share the password together with the triggers(or just open it with the package editor and remove the problematic lines).
About self destruct code. What if it turned out it destructed people's own triggers together with your trigger system? |
|
|
|
|
Zugg
MASTER
Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA
|
Posted: Thu May 13, 2010 10:52 pm
|
You can't do this. All scripts are distributed as source code so that people can look at your code to make sure it doesn't do something destructive or dishonest. Once you give people access to the source code, you can't prevent them from just making a copy of your scripts.
You might try talking to Larkin about how he sells his scripts. Most people that sell scripts are really selling the *support* of the scripts rather than the scripts themselves. And you can control who you give support (updates, help, etc) to by checking to see if they paid for the scripts.
But people will still copy your scripts and use them no matter what you do.
Look at the copy protection in CMUD...even that doesn't stop some people from hacking it and using it for free. If I can't completely protect CMUD itself, how would you ever hope to protect your scripts.
So back to the first answer: you can't. |
|
|
|
|
talonnb
Apprentice
Joined: 30 Oct 2004
Posts: 127
|
Posted: Fri May 14, 2010 10:15 pm
|
Yeah, I was thinking about this after I posted that nothing is perfect. I think burying self-destructive code is going to be the best thing.
As to your point Rorso, I personally don't care if someone's code gets deleted with mine, as if they want to take my coding information without permission, why should I care if my code deletes mine and there's?
And it would be more so the system couldn't be used against me, I'd know what turns it off anyhow. |
|
|
|
|
Rorso
Wizard
Joined: 14 Oct 2000
Posts: 1368
|
Posted: Sat May 15, 2010 11:29 am
|
Let's assume someone has your script. You send them your secret "tell" and cMUD erases their triggers. If they got the script in an email or similar the user would simply restore the script from backup and erase the offending triggers. Also they would notice your backdoor which could enable them to use it against you and other users of the script.
|
|
|
|
|
Arminas
Wizard
Joined: 11 Jul 2002
Posts: 1265
Location: USA
|
Posted: Sat May 15, 2010 4:40 pm
|
You could obfuscate your code, so that it requires a secret tell from you to make it work. (use things like %char etc and obscure regular expressions in the trigger.)
Have it gag your secret activation tell, and change or delete the activation trigger. Have it disable and re-enable logging before/after activation.
Add some fake tell that is NOT gagged that matches the NEW activation trigger that does not work, possibly does something nasty.
Have the script create a file upon activation that is required for the script to work properly. This is dropped either in your cmud directory or in your character folder.
This way if they try to just pass the script along after activation they probably will not have much luck.
At the very least add in a back door off switch to the script that you can activate via tell or whatever that is not present in your own code.
Also obfuscated of course. |
|
_________________
Arminas, The Invisible horseman
Windows 7 Pro 32 bit
AMD 64 X2 2.51 Dual Core, 2 GB of Ram |
 |
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Mon May 17, 2010 7:09 pm
|
This sounds rather dangerous to me. Security by obscurity is no real security. Installing a back door by which someone who knew the secret could trash someone else opens you (the script originator) up to moral, if not legal, issues. If I were a mud administrator and discovered someone who was distributing--for a fee!--a piece of code with a deliberate backdoor that would allow someone to trash at an opportune moment anyone using the code, I'd consider that grounds for permanent banning. And any player whose character was trashed because someone discovered and used the backdoor would have real cause to be righteously angry at you for designing it that way. If it were a pay-to-play mud, it could concievably be grounds for legal action.
|
|
|
|
|
Arminas
Wizard
Joined: 11 Jul 2002
Posts: 1265
Location: USA
|
Posted: Tue May 18, 2010 3:16 pm
|
I might add that I have not added any malicious code to anything that I have distributed, or any backdoors. I simply state methods to do so in a general manner.
Nor have I sold for any type of fee any of the code that I have distributed. I HAVE obfuscated my code however and do know how to do the things I mentioned above.
If you tell people that the backdoor is present, sure they may choose to not purchase the script, but if they do with the knowledge of the danger that is your disclaimer. |
|
_________________
Arminas, The Invisible horseman
Windows 7 Pro 32 bit
AMD 64 X2 2.51 Dual Core, 2 GB of Ram |
|
|
|
|
|
|
