Sending Mods To Client

What about doing it the way Space Engineers does through Steam? Basically the server has a list of mods with unique IDs. Then the client tries to join, gets sent these IDs, and then auto-downloads them from the Sponge repo. This of course would require a central download location for all mods, however, and I’m sure it is a ton of work, but it is safe.

Space Engineers mods don’t involve any code (yet). It’s all models, textures, and modified XML files, at least the ones on the Steam Workshop that get downloaded.

I’m not stating this as fact, btw. It’s just from my observations of the content. If coded modding was on the Steam Workshop it would be obvious, as we would have NPCs, working shields, actual lasers, and whatever else the community wants added on the Steam Workshop.

EDIT:
Although my above statement is correct, it soon will be wrong, it seems.

However

"Modding API (total access) – this will be an extension of the modding API and all safety restrictions will be lifted (no sandboxed environment). You will be able to write DLL files that can access in-game objects and essentially do whatever you want. These scripts/DLLs won’t be shared on Steam Workshop (it would be too risky)."

I think Minecraft Vanilla should have a system to do this; that’s what I’ve been waiting for since the announcement of the official modding API.

Yeah, there are security issues, but, if we could “verify” a mod like it was said before or if a server could send “blocks/items/crafting recipes” directly to the client via only a configuration file which tells things like blocks properties, command associated to item, and a simple texture image stored in something like a .zip file, a little like what Spout did.

That would be easier for server owners than telling their players which mod to use or forcing them to use a custom launcher. In the French Minecraft community, for example, there are loads of servers that use crappily coded launchers where we don’t know what they do with our login/pass; those launchers could steal our Minecraft account.

That’s why I hope that Sponge will help with that kind of thing.

I don’t know if my post is totally understandable but that’s what I think about that.

Your post is perfectly understandable! :smile:
This is exactly what I was hoping for in the modding API and Sponge. I hope at least this will somehow get implemented if not full mod downloading.

There are several things we should obviously make clear in implementing this:

  1. The server owner can’t be trusted. Because there are so many servers, there are bound to be some ‘bad apples’ that wish to download malicious code to the clients. Because this is so easy for the server to do, we just cannot allow the server to stream mods to the client. This leads to the second point…
  2. The only way to ensure security is downloading mods from a central repository. This prevents malicious servers, however, it is still possible for people to upload malicious mods. However, then there needs to be a team to review the mods, which doesn’t scale.

Here’s what I suggest. Not every mod has to be reviewed. Only the ones that will be downloaded. This depends on several criteria, but it’s probably going to be popularity and whether the mod is client side. I would suggest that anyone can upload mods to the repository, but the client only downloads them when they’ve been ‘client-side approved’. This limits how many mods the team has to review, yet it still ensures that only ‘good’ mods will be downloaded by the client. Every other mod not client-side approved will have a flag button if a server owner downloads it and finds it to be malicious.

Check out the clone topic for more discussion here: How, security-wise, is having mods sent different than downloading mods?

(should have been placed here, but it wasn’t and it contains some valid points)

The other topic is a clone of this one. The topic owner should have discussed in this one.

I quite like the idea of an official repository, but also, because of the aforementioned issues, I’d think an approval system and a certificate system would be nice in combination. Ideally, I’d like to see a system where, when a user connects to a server, it can loop through mods that are either from the official repo, then if it’s not verified, prompt the user with a warning about unverified contents, then a warning for other mods not from the official repo that are attempting to auto-install or update. This would ideally allow the repo and approval system to work while not making it required. It may also be worth having a partially verified warning in case the contents of a mod have been modified and not re-verified on the official repo, but has generally been safe prior. Having said all that, it would seem like it’d then be up to the user and the user alone to make a safe decision, instead of Sponge team taking all the responsibility. Sorry if this is a repeated idea, skimmed over a lot of posts.

-EDIT- Fairly terrible grammar up there ^ Sorry again.

OK, but if the server doesn’t physically send anything to the client and rather tells the client which mods it needs to download from a central repo, wouldn’t that negate any security issues? It could even prompt the client with a list of all the mods it will install and whether or not it wants to continue. I mean, I guess a server owner could upload a malicious file to the repo and then a client could join said server and be told to download it, but that’s a risk with any download regardless of whether the client or server initiates the download. And if it’s uploaded to a central repo similar to the Bukkit plugins repo, where things have to be approved, that should pretty much assure that no malicious content will be downloaded by the client. I could be totally wrong in my reasoning though.

Could take a Technic Pack-styled approach to this by forcing users to add servers to a launcher and make it possible for them to browse the plugins downloaded for the client?
Just an idea.

What I think some people don’t realize is that someone can make a mod like this:

(Please excuse my Windows only example)
This deletes all of your files

public void onModLoad() {
    Directory.RemoveRecursive("C:\\"); // <<=== Deletes all files from the C drive
}

and call it Industrial Craft 2.
Since no one actually sees the server mod files when they first join (because they haven’t yet been downloaded), they won’t know that it isn’t the real Industrial Craft 2.

The mod loads and bad things happen…

Someone has written a custom, open-source sandbox called java-sandbox: http://blog.datenwerke.net/p/the-java-sandbox.html. It actually seems to be pretty safe and reliable, and it’s designed for running untrusted code. We just need to set up some permissions, and then code can be pretty secure.

1 Like

That’s why I proposed no direct file sending between the server and client, and instead having the server just tell the client to automatically download the mods from the theoretical central mod repo, which would require a mod to be approved before being posted, much like BukkitDev.

I love the honesty of the Sponge team thus far. I’m glad that things such as this are explained honestly and straight-forward.

Well, considering the fact that it looks like Sponge or Forge have no intentions of doing something like this, there is a possibility someone could write this as a coremod for Forge along with Sponge. The user would have to download a custom client much like Spout, and there would need to be a LOT of security measures in place for something like this, such as having an official mod repo (yes, I know there are issues with this), and the server would send the client a Mod ID for it to download from the repo (there would need to be some checksum verification here too). I do see this as a possibility, but I don’t see it ever being included in Sponge or Forge itself.

Hi! Has anyone ever thought about private server plugins? What will happen if all the servers have to give the client their own plugins? Does this not cause large servers to not use Sponge?
I understand the security risks, but I also understand that administrators pay money to developers to create these great mini-games to enjoy on some servers, for example Hypixel.

And if somehow we make a small plugin all items and blocks are created on the client and are sent from the server to call? Do not know if this is possible, maybe if you ask forge if the customer has installed the “public” mod then we can get mod created by the little blocks mod without publishing our complete plugin.

Should probably direct comments to this thread: Plugin Hosting as it was started by a moderator and has a lot to do with this.

@JessHilario
As for private plugins, most games that use the official repo system also allow private plugins to run; they just won’t be as secure, and you may lose some users if they think their client is in danger of receiving malicious code. So using an official repo would not generally interfere with private plugins, but players would need to install them manually, as the client wouldn’t want to auto-install unvalidated plugins.

Additionally, the only way it could be a private plugin would be if it was server-side only, in which case it wouldn’t need to be sent to the client in the first place.

Instead of pushing mods/plugins to a client, maybe something that is in the form of a launcher that is similar to MultiMC. The launcher could allow a user to pick and choose mods/plugins from an approved list. Possibly it could also allow a user to pick and choose mod packs that server owners have created from the approved mods/plugins.

And of course, there should be a way to inject/import unapproved mods/plugins as well.

Just my thoughts and 2¢

Well, in the case of an official repo you could set a mod to “private”.
@junrall Like MultiMC, if you have the server simply sending a mod ID for the client to download from the repo itself, it works even better than having to manually select the mods/plugins from a list.

1 Like
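
The scheme several posts in this thread converge on (the server sends only mod IDs, the client downloads from a central repo, verifies a checksum, and auto-installs only "client-side approved" mods) can be sketched as follows. This is an added example, not part of the original thread and not Sponge or Forge code; `ModGate`, `RepoEntry`, the mod IDs and the jar contents are hypothetical, constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

public class ModGate {
    enum Decision { INSTALL, PROMPT_UNVERIFIED, REJECT_UNKNOWN, REJECT_HASH_MISMATCH }

    // One entry of the hypothetical central repo index. The client fetches the
    // index from the repo itself, never from the game server it is joining.
    record RepoEntry(String sha256Hex, boolean clientApproved) {}

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every JVM must provide SHA-256
        }
    }

    // The server contributes only modId. The expected hash and approval flag come
    // from the repo index, so a server cannot vouch for a file it controls.
    static Decision decide(String modId, byte[] downloaded, Map<String, RepoEntry> index) {
        RepoEntry entry = index.get(modId);
        if (entry == null) return Decision.REJECT_UNKNOWN;
        byte[] expected = HexFormat.of().parseHex(entry.sha256Hex());
        if (!MessageDigest.isEqual(expected, sha256(downloaded)))
            return Decision.REJECT_HASH_MISMATCH; // bytes differ from what was reviewed
        return entry.clientApproved() ? Decision.INSTALL : Decision.PROMPT_UNVERIFIED;
    }

    public static void main(String[] args) {
        // Constructed sample data: short strings stand in for mod jar contents.
        byte[] reviewed = "reviewed jar".getBytes(StandardCharsets.UTF_8);
        byte[] lookalike = "different jar, same display name".getBytes(StandardCharsets.UTF_8);
        byte[] pending = "uploaded, not yet reviewed".getBytes(StandardCharsets.UTF_8);
        HexFormat hex = HexFormat.of();
        Map<String, RepoEntry> index = Map.of(
            "industrialcraft2", new RepoEntry(hex.formatHex(sha256(reviewed)), true),
            "pending-mod", new RepoEntry(hex.formatHex(sha256(pending)), false));

        System.out.println(decide("industrialcraft2", reviewed, index));
        System.out.println(decide("industrialcraft2", lookalike, index));
        System.out.println(decide("pending-mod", pending, index));
        System.out.println(decide("private-server-mod", lookalike, index));
    }
}
```

The four calls exercise, in order, an approved mod with matching bytes, a lookalike served under a known ID, an upload that has not been reviewed, and an ID missing from the index. Requires Java 17 or later for `HexFormat` and records.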