When OnlyPublicWidgets is set to true Spring engine forces the client to send the widget code to host before it can be activated. Then allow remote widgets to be enabled/disabled like local widgets (and saved/downloaded).
A system like this would level the playing field tremendously.
Only public widgets
Moderator: Moderators
Re: Only public widgets
Nice idea. Or how about some kind of certificate that can sign widgets and only lets signed ones run?
Re: Only public widgets
This'll achieve nothing if my widget will just read a file and execute loadstring() on it.varikonniemi wrote:When OnlyPublicWidgets is set to true Spring engine forces the client to send the widget code to host before it can be activated. Then allow remote widgets to be enabled/disabled like local widgets (and saved/downloaded).
A system like this would level the playing field tremendously.
Certificates would introduce the whole security stack into Spring. That's huge and overly complicated.Jools wrote:Nice idea. Or how about some kind of certificate that can sign widgets and only lets signed ones run?
The most sane and simple solution is to just include these widgets in the game and make them off by default while disabling user widgets. A simple solution really.
Re: Only public widgets
Tying widgets to game is not so nice, because it requires a new game version just for adding a user widget. Would be nice to somehow sign widgets that are trusted and can be used by everyone, without including it into the game.
Would it not be as simple as having a database with widget hashes, that are trusted?
Would it not be as simple as having a database with widget hashes, that are trusted?
Re: Only public widgets
It depends on how you use the database.Jools wrote:Tying widgets to game is not so nice, because it requires a new game version just for adding a user widget. Would be nice to somehow sign widgets that are trusted and can be used by everyone, without including it into the game.
Would it not be as simple as having a database with widget hashes, that are trusted?
If the database were to be distributed with the game, you would still need to update the game each time you add or modify a user widget.
If you don't distribute it with the game, you'll still need to figure out a way how it can be accessed runtime, either by distributing it to the autohosts separately from the game or by providing a web API.
Lastly, the issue is the effectiveness. If any widget loads a file and executes it as code or uses some function from it (which is done pretty often with Config/Header files) it's going to be easy to work around it and simply add arbitrary code in the included file (which will never be hash-checked).
A solution exists of course, but I don't think it's worth the complexity and time required to implement it.
Re: Only public widgets
Why would you need this?
"A system like this would level the playing field tremendously."
What? explain.
"A system like this would level the playing field tremendously."
What? explain.
-
Forboding Angel
- Evolution RTS Developer
- Posts: 14673
- Joined: 17 Nov 2005, 02:43
Re: Only public widgets
He means the "Playing Field" in the literal sense.
Re: Only public widgets
That is a game project specific thing, it isn't his call. Don't we have white lists for this specific purpose? That could always be a mutator... "tournament mode" which would be a specific version of the game but with a whitelist of allowed widgets? or is he looking to ensure you don't just piggyback shit into the widget list?
-
Forboding Angel
- Evolution RTS Developer
- Posts: 14673
- Joined: 17 Nov 2005, 02:43
Re: Only public widgets
What he is saying is that someone could have a widget that does a lot of shit for him that the other guy has to do manually, or some extremely helpful thing. As an example, pretend the engine doesn't do line moves and one guy has the customformations widget and the other poor bastard has to order things around to single points.
That's what he's referring to. By making sure that everyone has the same widgets, the playing field is significantly leveled.
That's what he's referring to. By making sure that everyone has the same widgets, the playing field is significantly leveled.
Re: Only public widgets
and white list does not solve that?
Re: Only public widgets
I'm going to write a widget that displays a solid opaque rectangle over the screen if the current player isn't called 'AF'. This widget greatly enhances my play ability and I'm more than happy to share this widget using the proposed mechanism
I also like to render fake units on the map to make my forces look larger than they actually are. It helps improve my confidence as a player, perhaps other players would benefit from seeing my armies double in size, it'll build character
I also like to render fake units on the map to make my forces look larger than they actually are. It helps improve my confidence as a player, perhaps other players would benefit from seeing my armies double in size, it'll build character