+ Reply to Thread
Results 1 to 9 of 9

Thread: Suggestion: Code signing

  1. #1
    Soulwalker
    Join Date
    Jun 2011
    Posts
    15

    Default Suggestion: Code signing

    While there are a couple of possible approaches, it would be good to be able to:
    1. As a developer, sign an addon before publishing it.
    2. As a player, be warned if I try to install any addon that isn't signed by someone I've said I trust (whether that is the developer or someone else), and be warned a *lot* if I try to install an addon that isn't signed at all.
    3. As a third party, be able to declare "I have looked upon this addon, and it is pleasing to mine eyes" in a way that would allow players to set up their client to listen to that and trust it (see point 2).

    Examples of a basic approaches to this include how security is done for Firefox plugins and Android apps. To keep from driving developers insane, it would probably be necessary to allow disabling the checks when connected to the test shard (so that it isn't necessary to do signatures while you're actively testing your *own* addons), or something similar.

  2. #2
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    132

    Default

    This is really not necessary. As long as you arent stupid enough to run random .exe files you should never have addons that you didnt explicitly install. All this is just more work for trion, addon devs, and consumers.
    "The only constant in all your failed warfronts is you."
    Malorn, Cleric of The Enclave

  3. #3
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    160

    Default

    It's really not needed. The worst thing an addon can do is empty your bags/plat & destroy your gear. While bad, it's recoverable and not quite like sending over your bank account details to a malicious person, something Firefox & Android plugins/apps can do.

    Also, the test shard won't always be functionally equal to live so only allowing overrides on test isn't an option. The moment you allow overrides on live, people will tell everyone to turn it on unless you make it incredibly obnoxious (like with Windows Vista/7 driver signature enforcement).

    Finally, this breaks public version control unless you tell everyone to sign everything.

  4. #4
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    163

    Default

    If addons were made of .exes or .dlls I'd advocate that too, but I'm not seeing how signing is possible, or if possible certainly not practical, given that Rift addons are just text files. It's a nice theory but they really aren't that sophisticated or dangerous. It's just a game, not an OS.

    Also, why would an addon need to be able to destroy gear?? I hope that feature doesn't make it into the API.

  5. #5
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    160

    Arrow

    Quote Originally Posted by ultrviolet View Post
    Also, why would an addon need to be able to destroy gear?? I hope that feature doesn't make it into the API.
    Unequip, destroy item. There's plenty of valid reasons to do both.

  6. #6
    Soulwalker
    Join Date
    Jun 2011
    Posts
    15

    Default

    Quote Originally Posted by Malvir View Post
    This is really not necessary. As long as you arent stupid enough to run random .exe files you should never have addons that you didnt explicitly install. All this is just more work for trion, addon devs, and consumers.
    Indeed. Of course, without it there's absolutely nothing to say that the addon you just downloaded and installed -- the update to your favorite addon that brings world peace and waffles for everyone -- is actually what it claims to be.

    Trion can decide if it's work they think is worthwhile. If only the most basic steps are provided (validating signed code), the user never needs to notice it unless there is, in fact, a problem. As for addon developers... sorry, I have no sympathy, I've had to sign the vast majority of anything I released to the public for a decade now, or have it not be released. It just isn't that difficult. More time is generally spent actually putting the thing up and announcing it.

  7. #7
    Soulwalker
    Join Date
    Jun 2011
    Posts
    15

    Default

    Quote Originally Posted by ultrviolet View Post
    If addons were made of .exes or .dlls I'd advocate that too, but I'm not seeing how signing is possible, or if possible certainly not practical, given that Rift addons are just text files. It's a nice theory but they really aren't that sophisticated or dangerous. It's just a game, not an OS.

    Also, why would an addon need to be able to destroy gear?? I hope that feature doesn't make it into the API.
    Text files can be signed as easily as anything else. While they have more limited access, a text file that is fed directly to an interpreter isn't in any meaningful way different from an executable or a library.

    If you want to argue that addons cannot possibly do things that are sufficiently evil, if compromised, well, that depends on what the API eventually provides. But don't ever assume a file fed to a program that does something with it is safe just because it is text. If you doubt that, ask yourself why macros are disabled by default for Word and Excel, these days.

  8. #8
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    160

    Default

    Quote Originally Posted by DeathSheepFromHell View Post
    Indeed. Of course, without it there's absolutely nothing to say that the addon you just downloaded and installed -- the update to your favorite addon that brings world peace and waffles for everyone -- is actually what it claims to be.
    There's no such guarantee with code signing either. There's only the guarantee that it's from the same author... assuming his private key didn't get stolen. Also, said key needs to come from somewhere.

    Trion can decide if it's work they think is worthwhile. If only the most basic steps are provided (validating signed code), the user never needs to notice it unless there is, in fact, a problem. As for addon developers... sorry, I have no sympathy, I've had to sign the vast majority of anything I released to the public for a decade now, or have it not be released. It just isn't that difficult. More time is generally spent actually putting the thing up and announcing it.
    The stuff you've been working with has access to private info; Rift addons don't.

  9. #9
    IXI
    IXI is offline
    Plane Walker IXI's Avatar
    Join Date
    Feb 2011
    Posts
    456

    Default

    Quote Originally Posted by Kewne View Post
    It's really not needed. The worst thing an addon can do is empty your bags/plat & destroy your gear. While bad, it's recoverable and not quite like sending over your bank account details to a malicious person, something Firefox & Android plugins/apps can do.
    Right now, all an addon can do is display buffs you don't have and obscure your vision with a huge empty frame. Trion might restrict the ability to destroy items and plat. I don't see any reason any addon would need to destroy plat in the first place.
    It's spelled "Riftdrawal", and yeah you have it.

+ Reply to Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts