[New Idea] Secure your plugins? - Page 2

Powerlord · *Last edited by Powerlord; 02-26-2013 at 21:48.*

Quote:

Originally Posted by Blackglade

I apologize but i am not so skilled in programming Source, how would someone bypass the IP check if it is built into the plugin? Oh btw this post was made under the assumption that the source code is not given to the man who buys the plugin.

That assumption would be wrong.

Even with just the binary, they could just use Lysis to decompile it. Lysis isn't perfect, but it's good enough for a developer to figure out what it does and recreate it.

Having said that, buying the plugin from someone other than the original author generally means no support.

sdz · 02-26-2013 , 22:31 Re: [New Idea] Secure your plugins?

Quote:

Originally Posted by Blackglade

I apologize but i am not so skilled in programming Source, how would someone bypass the IP check if it is built into the plugin? Oh btw this post was made under the assumption that the source code is not given to the man who buys the plugin.

They can

A.) As stated earlier, recreate the plugin
Or
B.) Create something to spoof the IP of the server? I'm not sure but I don't think it would be hard.

Zephyrus · *Last edited by Zephyrus; 02-27-2013 at 00:30.*

Quote:

Originally Posted by EasSidezz

You're being payed for the time, and effort you put into it, not for the actual content. Therefore, you're allowed to do whatever you want with it once purchased.

uh no, if someone makes a plugin and wants to sell you pay for it and not for the time he spent on it. btw mckay, i wasnt paranoid and where did it get me? half the servers with my OLD store plugin has got it from either some friend for free, from a reseller or hackforums because some dickhead uploaded it there too (best thing is that he got it for free from someelse too or got it from reseller), and the best thing is that i constantly get what a piece of shit person i am because when these ppl message me on sourcemod.com for support i tell them to ask the guy they got it from... also that plugni is like 2 years old and i spent 6 hours doing it, its pretty ugly as hell as well lmao. there should definitely be some way to protect the plugins, right now what i do is reimplement quite a lot of functions from sm and the store plugin itself into a metamod plugin, which in the end is closed-source and required for the plugin to run. nothing complex or complicated but will stop skiddies from reselling (successfully actually)

Dr. McKay · *Last edited by Dr. McKay; 02-27-2013 at 07:22.*

The SourceMod license requires you to release source code with all distributed plugins, paid or not. It doesn't take a genius to CTRL+F for SetFailState or ServerCommand.

If you want to make your SM plugin depend on a closed-source MM plugin, that's perfectly fine. There's just no good way to implement DRM in SourcePawn alone.

Blackglade · *Last edited by Blackglade; 02-27-2013 at 18:37.*

Quote:

Originally Posted by Dr. McKay

The SourceMod license requires you to release source code with all distributed plugins, paid or not. It doesn't take a genius to CTRL+F for SetFailState or ServerCommand.

If you want to make your SM plugin depend on a closed-source MM plugin, that's perfectly fine. There's just no good way to implement DRM in SourcePawn alone.

Dr. Mckay, may i see where it says it in this license that you are required to do so as such. As far as i am concerned, if you are being paid privately to make a plugin. It is upon you to release the sourcecode or not since you are in no such partnership with sourcemod when making the plugin. I have seen Zephs admin menu offered to me many times for around $30 to $40. Although i never take it, it is a prominent fact that owners should be able to protect their own plugins for what it is worth.

Now for a better idea. What about a mysql database implementation in the plugin? It works like this, the owner of the plugin creates a mysql database, and upon distributing his plugin to the given requester. If the plugin is big enough or important enough, it can require a mysql authentication before being able to run meaning that the mysql database must send a signal back to the plugin or server to make it run. This will ensure that plugins will only work when authenticated.

This again is assuming the sourcecode is not given.

Powerlord · *Last edited by Powerlord; 02-27-2013 at 18:48.*

Quote:

Originally Posted by Blackglade

Dr. Mckay, may i see where it says it in this license that you are required to do so as such.

I'm not Dr. McKay, but I'll bite.

addons/sourcemod/LICENSE.txt, line 5:

Quote:

SourceMod is licensed under the GNU General Public License, version 3.

lines 14-23:

Quote:

As an additional special exception to the GNU General Public License 3.0,
AlliedModders LLC permits dual-licensing of DERIVATIVE WORKS ONLY (that is,
SourcePawn/SourceMod Plugins and SourceMod Extensions, or any software built
from the SourceMod SDK or header files) under the GNU General Public License
version 2 "or any higher version." As such, you may choose for your derivative
work(s) to be compatible with the GNU General Public License version 2 as long
as it is also compatible with the GNU General Public License version 3, via the
"or any higher version" clause. This is intended for compatibility with other
software.

The above explicitly mentions that SourceMod plugins are derivative works, in case that wasn't already clear. It also mentions that SourceMod Plugins have to be GPLv3.

addons/sourcemod/GPLv3.txt, line 22-28:

Quote:

When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.

I could quote additional sources from GPLv3.txt, too.

Dr. McKay · 02-27-2013 , 18:49 Re: [New Idea] Secure your plugins?

Powerlord pretty much covered it. Another explanation of the GPL is located here.

asherkin · 02-27-2013 , 18:49 Re: [New Idea] Secure your plugins?

Quote:

Originally Posted by Blackglade

Dr. Mckay, may i see where it says it in this license that you are required to do so as such. As far as i am concerned, if you are being paid privately to make a plugin. It is upon you to release the sourcecode or not since you are in no such partnership with sourcemod when making the plugin.

SourceMod is released under the GNU GPL v3 (+ exceptions), derivative works (including plugins and extensions) are also required to be distributed under a compatible license to maintain legality (contrary to popular belief, not doing this is a violation of AlliedModders copyright, which is why it doesn't matter if it's work for hire as the direct parties are not involved).

You can ready more about the GPL here: https://www.gnu.org/licenses/gpl.html

Skyy · *Last edited by Skyy; 02-28-2013 at 13:38.*

If you don't want the random people who buy from resellers to be able to use your plugin (without some effort / work) just do what Zeph & I do; require custom Metamod plugin. With most of the people who resell, they don't have the technique required to remove the dependency, and will generally end up having to pay someone to do it. You can code actual functionality into the plugin, or just b.s. calls if you want to - because generally, people won't remove it if they don't know what it does - or doesn't do.

Since Metamod plugins aren't required to be distributed with their source, you can code in redundancies into the Metamod plugin, to prevent access on unauthorized servers. Still, even going this route, that dependency can be removed. However, most of the plugin authors don't have the expertise or knowledge to write in Metamod. I've had authors share with me who the resellers are, and I know other authors who just stay away from them.

Most people should probably know that the reseller can't possibly provide support, and you know that if you purchase it from anyone but the author. The author isn't an ass for refusing support to a user who bought his/her product from a reseller; The consumer is the ass for not buying it from the author. Hopefully, people understand that the (generally) reduced price of work sold by resellers entails that it won't be supported by the author. If you want your purchase supported, pay the few extra that it would cost to buy it directly from the author. In relation to the time : earning ratio, plugin authors make a small fraction for their hourly work than they generally do at their job, assuming they're software engineers. Therefore, you might as well support them for their free time, which they used to develop their work.

Either way, there's no reason to violate the sourcemod license. If you don't like the license that's chosen, you don't have to use sourcemod.

Powerlord · 02-28-2013 , 14:35 Re: [New Idea] Secure your plugins?

Quote:

Originally Posted by Skyy

If you don't want the random people who buy from resellers to be able to use your plugin (without some effort / work) just do what Zeph & I do; require custom Metamod plugin. With most of the people who resell, they don't have the technique required to remove the dependency, and will generally end up having to pay someone to do it. You can code actual functionality into the plugin, or just b.s. calls if you want to - because generally, people won't remove it if they don't know what it does - or doesn't do.

Unless you're including some of the logic in an MM:S plugin, why wouldn't it be trivial to remove?