Itâs a really nice idea, I can imagine if itâs not proven unsafe then this could be really useful for people like me who are too lazy to download stuff the normal way. xD
Moved to Plugin Discussion.
If the server just provides links to Ore, and Ore is safe, no problem right?
If someone hacks this together Iâll happily provide a POC showing the security vulnerabilities here. I can think of multiple just off of the top of my head. However it really depends on the implementation. Though each implementation will have itâs flaws.
1 Like
It seems in the faq it is said that Sponge wonât send plugins to client⌠Obsidian did this right?
Why would the server need to send plugins to the client? Plugins are server-side only entities and as long as you are connected to a server with the plugins the client does not need to have them. This seems to fall under the automatically downloaded mods category.
I support something like this whole-heartedly on the other hand for use by mapmakers or perhaps even someday for client-side mods themselves for both modded servers and maps, if there is ever a semi-secure repository for them.
I think, if handled correctly with the appropriate amount of paranoia then something like this could be great, but hey, obviously a lot of people freak the hell out when they see âdownload plugins directly from oreâ so I canât really say much.
This would be for client plugins when Sponge gets a client side API or possibly for Forge mods too though they wonât use Ore.
I saw that some people were interested in dowloading stuff from the server so I will try to pursue making it possible (though only as a PoC and shouldnât be used in production).
1 Like
I love this idea, and it should be introduced within Vanilla in my opinion, however before joining a server, it should warn the user that potentially harmful files may be downloaded.
On a side note:
Would it be safe for Minecraft to just download/read scala scripts? Would that be safer as they could limit what could be interpreted in scala?
for example:
Maybe they could just add stuff like gui support, packet sending to server etc⌠so that servers can truly customize their player experience without the users worrying about harmful files.
Update (because who doesnât like those 
)
[ul]
[li] I have got the server to send a list of plugins to the client using Spongeâs Network API.[/li]
[li]Vanilla handles the response gracefully, the server will kick them 
[/li]
[li]When using the mod on the client, it will download them (not implemented yet)
[/li]
[li]Limitation - Ore is not a usable product yet, thereâs only so far I can go at the moment.[/li]
[li]To decrease the risk of the server sending bad things, itâs completely up to the client to deal with the necessary plugins. The server sends a list of all plugins the client will need, and will hang up if the client does not give the âall OKâ message.[/li]
[/ul]
3 Likes
@simon816
I suggest the ability to add âoptionalâ downloads. Plugins not required, but can be used if the client wants them (ie minimap, redesigned hud, ext).
I also suggest (if possible) an option to separate plugins for each server in their own folder.
Where could I download it?
I have not worked on this since my last update post, there is nothing useful that it does at the moment.
I have not seen any plugins that have clients-side features as of yet so I donât see a reason for this to be needed right now.
Do you have any source anywhere?
Now I do 
is this updated, if so how do I install it?