1.17.1 Is there a way to connect to a server that host my code ?

Discussion in 'Spigot Plugin Development' started by joschma, Jul 31, 2021.

Thread Status:
Not open for further replies.
  1. I have a problem I want to hide code. So i tought the best way to hide code is to put it on a server ? Does any one has an idea on how to do it ?
     
  2. You could create a REST API server and have the plugin connect to that.
     
  3. You are everything besides specific here.

    Could you provide us a little more information regarding your question.
    Do you want to obfuscate your code? Do you want to create a hidden project, such as Github private repositories?
    Or do you want to hide your code from everyone, which is technically not possible, since in order to execute the code on a Minecraft server, you need to provide the JVM with the bytecode, which is decompilable. (Assuming that you are talking about plugins)
     
  4. I think I have found a solution I will use java sockets.
    I want the logic of my code executed some were else so that if you decompile my plugin you just see were the plugin is connecting and not the actual logic behind it.

    But can you tell me a bit more about the git reposite ?
     
  5. Don't do it, seriously. Do not bother with this unless you want it to be a learning experience, its just incredibly stupid to try doing this for the sake of hiding your sources. Any software worth cracking will be cracked, any software not worth cracking isn't worth protecting. Putting aside the bottleneck of server performance, and hosting cost, you are at risk for getting your servers DDOS-ed, maintaining network security, scalability and whatever else is a huge challenge by itself.

    And usually these sorta ideas crop up when people wanna do a premium resource, and I am sorry to inform you but this will get your resource rejected - your plugin must be able to run without a network connection. At best you can offer this as an extension to your main functionality, but you cannot make your primary functionality gated like this.

    But scalability really is the biggest issue here.

    If you care for protecting your sources, don't. Anyone who can create code of a relevant standard that it'd be worth being stolen knows that the biggest waste of time is setting up an elaborate anti-code-theft system. Just slap it with an obfuscator and be done with it.
     
    • Agree Agree x 6
    • Like Like x 1
  6. There is not much logic besides CRUD operations that someone, with not much experience like you, would hide.
    If you'd be a decent developer, you would know that this is not acceptable for many reasons.
    First, it is not needed since executing code on a single server causes it to overload, besides speaking of the huge delay between server and client.
    Second, hosting your code externally is more dangerous since this can affect many servers at once.
    That makes you the perfect target for potentially red had hackers.

    So please do not proceed with this outrageous project idea.
    And start by learning about GitHub private repositories to store/maintain/update your code.
     
  7. Why even bother?
    Just make it open source to save yourself the hassle.
     
    • Agree Agree x 1
  8. If you really wanna protect your code, I would not go further than an obfuscator. Creating a connection with sockets will firstly increase time waiting. It will take typically 0-100ms depending on the proximity of the server. In addition, it is a lot more work to do that. Would highly, HIGHLY recommend not socket/rest API route.

    Most of the time, it isn't even worth the time to obfuscate. Sometimes it is good to even go the open-source route depending on your goals.
     
    • Agree Agree x 1
  9. Strahan

    Benefactor

    It can still be useful when ran locally; if anything, more useful.

    I assume you mean sensitive data. If you are wanting to protect your plugin users' sensitive data, a good start is to not broadcast it across the internet. If I have data that are sensitive, I'd ideally want to keep it in a local repository not on some random server I don't trust.

    You're giving a good reason not to do what you are saying now :)
     
  10. Maybe you should tell us what you actually want to do that requires you to store data or logic on a server controlled by you.

    Because so far you haven't really been convincing in that this is a good solution to whatever problem you're trying to solve, nor that you're fully aware of the implications this architecture would come with, in particular in terms of security for all sides involved.

    And with the lack of information it's hard making good recommendations on how to solve it properly.
     
Thread Status:
Not open for further replies.