Need Help Protecting My Plugins.

Discussion in 'Spigot Plugin Help' started by RonFarkash, May 12, 2015.

  1. Hello there Spigot forum users. A big part of you knows how to sell plugins for money and such. All of you must protect your effort being put in the plugin so someone who doesn't have the plugin won't be able to use it (Something like protection).

    I need help in order to protect some of the stuff I'm making for a server. So only that server will be able to use the plugin.

    What would help even more is protection against people that might be able to steal our server files.
    (If this one isn't possible I would just like to know how to protect my jars from those thieves).

    Thank you in advance.
  2. If you don't trust the server owner, why not work for another server?

    Possible options:
    • A special key that must be defined in the config, if the key is different the plugin disables itself. (This code can easily be removed) EDIT: Or some sort of webserver which verifies the authenticity of the key, since the key can be read from the source (or a hash instead of a key, that's better)
    • Obfuscate your code. (This will make it harder to read, but not impossible. Also this does not counter the actual sharing of jars)
    • Or a combination, but still, it's easy to remove the disabling part.
    • Like Like x 1
  3. Give your server owner all rights to the source code (for a slightly higher price).

    Really, you can't protect bukkit plugins effectively. Obfuscation only works well for big projects and see how well Mojang could obfuscate minecraft.
    All other verification method is pretty useless if the thief only needs to remove one or two line(s) of code.
    If you'd release your premium plugin to the public I'd understand your concern, but as you develop for a single server owner just admit he has all rights.
  4. It is not that I don't trust the owner. The community is filled with bunch of hackers. If I give my plugins to the owner there will be a risk of it being taken.
  5. I dont think its possible in anyway that your plugins would/ could be leaked unless you or your partner has given out some information.
    Unless your password is very short i genuinely dont think anyone could get access to your credentials.
    i maybe wrong, if soo correct me.. :)
  6. Well I guess this cannot be helped.

    Unless I make some remote controlled self destructing method I will never feel safe...

    Talking about self destruction is there any way to make a plugin delete files?
  7. You should be able to use File.delete() to delete a file.
  8. Deleting a jar while it's running probably wouldn't work, for the same reason you can't delete a plugin while the server is using it... might - not positive.
  9. Uhn maybe it won't delete the plugin itself. Maybe the rest of the files? Something that could destroy files like users.json.

    Just so I will be able to control things in case the plugin get stolen.
  10. That's pretty illegal...
    • Agree Agree x 1
  11. Alright I guess I will just have to trust him.
  12. It's more of an addon to a plugin. The problem is the host itself can be hacked and the files can be stolen. But after reading that thread up in the replies, I realized you have to get a safe host xD.
  13. Mojang makes things awkward. People actually use the source code for Bukkit (and Spigot), Mods and loads of other stuff. It'd be so much easier if it wasn't.

    It won't work at all. The JVM locks the file to prevent deletion.

    Not relevant at all. He wants to stop his plugin being stolen physically. Not the name of it being taken.
  14. Obfuscation and kill switches are as good as it gets I'm afraid. I recommend some sort of IP whitelist.
  15. Fix: Become your own dev.

    Tested: YES, MEH LOL
  16. i have seen in linux that you are able to delete an jar file while its running and locked by JVM
  17. You can delete it in Windows too. But Java will not delete the jar itself.
    Code (Text):

    File file = new File("/plugins/something.jar");
    That won't work. Java is just like nup.