Sending Mods To Client

Someone has written a custom, open-source sandbox called java-sandbox: http://blog.datenwerke.net/p/the-java-sandbox.html. It actually seems to be pretty safe and reliable, and it’s designed for running untrusted code. We just need to set up some permissions, and then code can be pretty secure.

1 Like

That’s why I proposed no direct file sending between the server and client. And instead have the server just tell the client to automatically download the mods from the theoretical central mod repo which would require a mod being approved before being posted much like bukkitdev.

I love the honesty of the Sponge team thus far. I’m glad that things such as this are explained honestly and straight-forward.

Well considering the fact that it looks like sponge or forge have no intentions of doing something like this, there is a possibility someone could write this as a coremod for forge along with sponge. The user would have to download a custom client much like spout and there would need to be a LOT of security measures in place for something like this such as having an official mod repo (yes, I know there are issues with this) and the server would send the client a Mod ID for it to download from the repo (there would need to be some checksum verification here too). I do see this as a possibility but I don’t see it ever being included in sponge or forge itself.

Hi! Has anyone ever thought about private server plugins? What will happen if all the servers have to give the client their own plugins, does this not cause large servers that do not use a sponge?
I understand the security risks but administrators also understand that pay money to developers to create these great mini-games to enjoy in some servers, for example as HyPixel.

And if somehow we make a small plugin all items and blocks are created on the client and are sent from the server to call? Do not know if this is possible, maybe if you ask forge if the customer has installed the “public” mod then we can get mod created by the little blocks mod without publishing our complete plugin.

Should probably direct comments to this thread: Plugin Hosting as it was started by a moderator and has a lot to do with this.

@JessHilario
As for private plugins, most games that use the official repo system also allow private plugins to run, they just won’t be as secure, and you may lose some users if they think their client is in danger of receiving malicious code. So using an official repo would not generally interfere with private plugins, but players would need to install them manually, as the client wouldn’t want to auto-install unvalidated plugins.

Additionally, the only way it could be a private plugin would be if it was server side only, in which case it wouldn’t need to be sent to the client in the first place.

Instead of pushing mods/plugins to a client, maybe something that is in the form of a launcher that is similar to MultiMC. The launcher could allow a user to pick and choose mods/plugins from an approved list. Possibly it could also allow a user to pick and choose mod packs that server owners have created from the approved mods/plugins.

And of course, there should be a way to inject/import unapproved mods/plugins as well.

Just my thoughts and 2¢

Well in the case of an official repo you could set a mod to “private”
@junrall Like MultiMC if you have the server simply sending a mod ID for the client to download from the repo itself it works even better than having to manually select the mods/plugins from a list.

1 Like

I see your point… makes sense.
I guess that something like MultiMC would be more beneficial to mod pack creators that wish to use approved mods/plugins.
Would still like to see a launcher just for Sponge… but that is for another thread!

Rather than having an official mod/plugin repository with admins that double-check each for threats, how about this? You download a “master server config” or something like that from the server owner; this file contains the server IP and server name, mod name, mod version, and download links to all the mods, optionally a name/version/download link to a texture pack, and a download link to a ZIP file with configs (possibly JSON format?). You can check this file yourself and/or individually download each file if you don’t trust the server owner; otherwise, you drag/import the file into Sponge, and it automatically adds a server entry into the multiplayer menu, and downloads the mods (possibly with a progress bar beneath the server entry?). If the server updates, all you do is drag in a new “master server config” file, and it automatically updates (and of course you can check this new one). Each server’s mods, texture packs, and configs are in separate folders, and/or are disabled/enabled per server.

This seems like it solves the problem with automatically downloading a mod, or forging a trusted mod name (because you can see the download link). It also adds the ability to automatically download a specific server config.

Thoughts?

I see what you mean and this is a good idea but consider this scenario… The server sends over the file and you open it up and open the links, everything looks pretty legit but one of the downloads is actually malicious and the link is to a spoofed website with fake reviews (people do this all the time), you think it is legit, you import it into sponge and then the code infects your computer. Still a certain amount of security risk, granted all the responsibility to verify the mod is now on the user him/herself.

2 Likes
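An added example, not part of any post in this thread: a minimal client-side check for the proposed "master server config", combining it with the checksum verification suggested earlier. The JSON layout, the `sha256` field, the host names and the function names are all assumptions made for illustration, and the mod bytes are constructed stand-ins.

```python
import hashlib
import json
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Constructed sample data: stand-ins for two mod jars and their download links.
GOOD_A = b"constructed bytes standing in for exampleblocks-1.2.jar"
GOOD_B = b"constructed bytes standing in for examplehud-0.9.jar"
URL_A = "https://mods.example.invalid/exampleblocks-1.2.jar"
URL_B = "https://mods.example.invalid/examplehud-0.9.jar"

# Constructed "master server config"; the sha256 field is an assumed addition.
MANIFEST = json.dumps({
    "server": {"name": "Example Server", "address": "mc.example.invalid"},
    "mods": [
        {"name": "exampleblocks", "version": "1.2", "url": URL_A,
         "sha256": hashlib.sha256(GOOD_A).hexdigest()},
        {"name": "examplehud", "version": "0.9", "url": URL_B,
         "sha256": hashlib.sha256(GOOD_B).hexdigest()},
    ],
})


def check_entry(mod, payload):
    """Return 'ok' or the reason this download must not be installed."""
    url = urlparse(mod["url"])
    if url.scheme != "https":
        return "rejected: download link is not https"
    if not PurePosixPath(url.path).name.endswith(".jar"):
        return "rejected: download link does not name a .jar file"
    if hashlib.sha256(payload).hexdigest() != mod["sha256"].lower():
        return "rejected: sha256 differs from the reviewed manifest"
    return "ok"


def verify_manifest(manifest_text, downloads):
    """Check every mod; downloads maps url -> bytes actually fetched."""
    results = {}
    for mod in json.loads(manifest_text)["mods"]:
        payload = downloads.get(mod["url"])
        if payload is None:
            results[mod["name"]] = "rejected: download missing"
        else:
            results[mod["name"]] = check_entry(mod, payload)
    return results


if __name__ == "__main__":
    print(verify_manifest(MANIFEST, {URL_A: GOOD_A, URL_B: b"swapped file"}))
```

The pinned hash only ties each download to the file that was listed when the manifest was reviewed, so a link that later serves different bytes is rejected; it says nothing about whether the reviewed file itself was safe, which is the residual risk raised in the reply above.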

Me and you share the same idea. By requiring an approval process and forcing it to a central repo, imo that makes it more safe than downloading a mod off a Minecraft forums post. Though a lot of work for approval.

This sort of thing already exists though. Like you said, MultiMC or Technic (which is more for serving modpacks). People know about these solutions as they have been around for years. Some people want to try a different solution, though it has been discussed at length that it might be more than difficult.

This is the whole goal of Obsidian Box, homepage over here: http://obsidianbox.org/news/
We will be using sponge as the API, don’t reinvent the wheel please, we’ve got some great developers on the project.

Sounds promising. How possible do you think doing something like this would be?

Very very possible. I think it’s possible to do this without any special work. Unfortunately it would require running two servers.

Yes, Obsidian is my project.

My goal was, at first, to send addon jars (external code) to the client…but that is a mess in and of itself. My teammates and I also hit issues with the client not having the blocks that exist on the server during the handshake process (which caused FML to kick us)

That said, 1.8 changes things. We can probably send the new blocks from the server now using combo of fml/vanilla which would bring me closer to my dream with Obsidian.

Will take a bit though as my hands are full currently running Sponge’s development :p.

3 Likes

I would also like to mention, just to dispel the idea that this would be terribly unsafe, that I was planning to make sure that we did code signing on jars we sent to the client from the server.

If you want to allow the server itself to send jars, that’s a player’s own choice, like an Android application.

That’s the plan I was thinking anyway.

Very correct, let’s say server owner sends a virus into the player’s client and bye player, and the owner could have another computer a part of his/her botnet and use that to DDoS servers. Isn’t this also a legal issue? Wouldn’t it be illegal?