Author Topic: GUI / Script transferring (Read 2386 times)

hammereditor² · October 11, 2013, 11:21:20 AM

Let's say you join a Blockland server, and you need to download a GUI or client-sided script in order to play properly.
Isn't it annoying to have to get a new add-on, and restart Blockland?
Server hosts, don't you think you could retain more players if the GUI could just be transferred to them automatically?
I know Blockland Glass does this, but isn't it kind of a dead mod?
And what if you just want code transferring without everything BLG offers?
I was thinking of making an add-on where Blockland servers could transfer scripts and GUI's to the client.
Client
When a player joins, it tells them that a client-sided mod is available. The code is transferred immediately. A GUI pops up, giving the client 4 options:

Install and run: The code is saved into a file in the /config/code transfer/ folder, and it is executed. Every time the game s
tarts up, the script is executed again.
Install only: The code is saved to a file, but not executed. It will not auto-execute on startup. To do that, the player must modify their preferences.
Run only: The script is saved to a file and executed. But after execution, the file is deleted.
Do not use: The code is not installed or ran.

When the client connects to the server, a 'handshake' is initiated by the server. It sends the required names of the scripts.
The client checks if it has each script. If a script is installed but not enabled (the "Install only" option was used on it), a prompt tells the client to either execute it now, make it auto-execute on startup, or don't run it.
If a script is missing, the client adds it to a list of scripts it doesn't have.
The client then sends the list, and the server tells the client to display prompts (with the 4 options above) in order to handle the missing code.

In order for the configurations to work, each script will have some properties:

Name: The name of the script. This is also the filename the script has on both the server and the client.
Version: The version of the script. I would probably not have versions and updating in the first release of the add-on.
Auto-execute: This can either be true or false, and says whether the script should be executed on Blockland startup. This is only controlled by the client when they install it.

These 3 attributes will be defined in a configuration file. Auto-execution can be changed by the client.
Server
The server-side part of the application has a folder with scripts which should be transferred to the client. There are preferences for choosing which scripts to transfer.

Do you think a code-transfer system would be useful?

Ad Bot · Advertisement

Rub · October 11, 2013, 11:24:31 AM

Which bit of your brain decided this would be safe? Do you not see the massive security flaw in letting the server send a client a script and auto-execute it?

Zeblote · October 11, 2013, 11:27:37 AM

Quote from: hammereditor² on October 11, 2013, 11:21:20 AM

Do you think a code-transfer system would be useful?

no

Pandan · October 11, 2013, 11:32:10 AM

Being able to download GUI from the server has been a fantasy for sometime now.

Also as Rub said, I couldn't help but think this would be using volatility.

hammereditor² · October 11, 2013, 11:33:06 AM

Quote from: Rub on October 11, 2013, 11:24:31 AM

Which bit of your brain decided this would be safe? Do you not see the massive security flaw in letting the server send a client a script and auto-execute it?

If you haven't read the OP, the script is only transferred. Nothing will happen if you don't execute it.
The client decides whether they want to execute the code or not.

Crøwn · October 11, 2013, 11:47:52 AM

This would be really sweet if it worked and was safe.

Pandan · October 11, 2013, 11:49:47 AM

Quote from: hammereditor² on October 11, 2013, 11:33:06 AM

If you haven't read the OP, the script is only transferred. Nothing will happen if you don't execute it.
The client decides whether they want to execute the code or not.

Only problem is that most players don't know what is safe to run. And will probably end up just running anything they're told to get so they can play.

Ephialtes · October 11, 2013, 12:02:50 PM

I wouldn't allow this to be released. There's no way to transfer safe code and about 1% of the Blockland population are able to give informed consent to run a script they just downloaded from a server.

Zeblote · October 11, 2013, 12:09:27 PM

Quote from: Ephialtes on October 11, 2013, 12:02:50 PM

I wouldn't allow this to be released. There's no way to transfer safe code and about 1% of the Blockland population are able to give informed consent to run a script they just downloaded from a server.

Though maybe you could create something so the server can have clients auto-load an approved client add-on from rtb?

hammereditor² · October 11, 2013, 12:31:46 PM

Quote from: Ephialtes on October 11, 2013, 12:02:50 PM

I wouldn't allow this to be released. There's no way to transfer safe code and about 1% of the Blockland population are able to give informed consent to run a script they just downloaded from a server.

So I could post the finished add-on in Modification discussion, but not the Add-ons section of the forums?
What if the client's side detected volatile functions which could be used to do malicious things, such as file operations?
And what if there was a system to blacklist scripts, host BL_ID's, and servers which they came from?

Ephialtes · October 11, 2013, 01:23:03 PM

Quote from: hammereditor² on October 11, 2013, 12:31:46 PM

What if the client's side detected volatile functions which could be used to do malicious things, such as file operations?

Quote from: Ephialtes on October 11, 2013, 12:02:50 PM

There's no way to transfer safe code

And no, you can't release it at all. It's just dangerous and it's irresponsible of you to even try. People will always find a way around whatever you try to do to prevent it.

Zeblote · October 11, 2013, 01:34:48 PM

Quote from: Ephialtes on October 11, 2013, 01:23:03 PM

And no, you can't release it at all. It's just dangerous and it's irresponsible of you to even try. People will always find a way around whatever you try to do to prevent it.

What about this? That would be very useful.

Quote from: Zeblote on October 11, 2013, 12:09:27 PM

Though maybe you could create something so the server can have clients auto-load an approved client add-on from rtb?

hammereditor² · October 11, 2013, 01:55:27 PM

Quote from: Ephialtes on October 11, 2013, 01:23:03 PM

And no, you can't release it at all.

I will release this outside of the Blockland forums, then.

Quote from: Zeblote on October 11, 2013, 12:09:27 PM

Though maybe you could create something so the server can have clients auto-load an approved client add-on from rtb?

I've thought about this, and not too many GUI's for servers end up on RTB.

Ephialtes · October 11, 2013, 04:06:49 PM

Quote from: hammereditor² on October 11, 2013, 01:55:27 PM

I will release this outside of the Blockland forums, then.

There's no point being stubborn for the sake of it. If you want your hard work to be crap-on'd and fail binned then by all means go for it but I'm telling you now and anyone with a brain will agree; this is not possible to do safely and will just result in a dangerous add-on for malicious users to exploit. This won't be such a useful mod when you're the only one using it.

elm · October 11, 2013, 08:26:31 PM

Hammer, just don't release it, it's too easy to exploit.