search

1lann / Firewolf

A program for ComputerCraft that allows you to visit, create, host and share websites with others. A virtual internet in Minecraft.
MIT License
17 stars 7 forks source link

Firewolf Action Plan: Security #38

Closed 1lann closed 11 years ago

1lann commented 11 years ago

Alright, so looking from the rednet system and rednet API, nothing is safe anymore D: This calls for a new action plan to prevent interception. Maybe securing data through HTTP? We need a port of the RSA encryption system in lua now I suppose.

-- ME DERPING STARTS HERE -- LOGICAL THINKING TIME! I shall think at my very best and extremly hard on how we are going to do this. THINk BRAIN THINK. POW THROUGH YOUR CRAPPY 1 TERAFLOP SINGLE CORE CRAPPY CPU. THINKKKKKKKKKKKKKKKKKkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk......................................................................................................................................................... I THINK we just MIGHT have to go SWITCH back to the OLD SYSTEM. DUN DUN DUNNNNNNNNnnnnnnnnnnnnnn! Or maybe...... idk. People can now fake their ID. Making stuff soooooooo hard.

-- LOGICAL STUFF STARTS HERE -- OH I KNOW! We require the client to run a specific piece of code (In an environment of course) to verify itself! somehow. Like loadstring then run it. But with complexity and encryption stuffs in the code. What it will do is return back to the server the computer's ID, so we can verify it completely. Though someone can flaw this and cause a too long without yielding....... Ok, I know what. We use encryption, and we need to make Firewolf closed source, or at least a part of it. We may need to like make the rednet sending bytecode so people can't tell how we do it. Maybe even the entire program. WE NEED TO THINK

benanders commented 11 years ago

Holy shit chuie... you crazy...

Anyway, I've also been thinking about how to redesign the server interactions with the client... eg. how to download resources from the server, how to save files to the user's computer, etc... We need a solution that will work with both HTTP and RDNT...

Personally, I think we should model it like real life servers are, with every io/fs call running the command server side, and then having a prompt to open/save something on the users computer (with the exception of saving cookies). This is kinda impossible with HTTP though, unless I redesign my original idea to make it work properly. How will a server save data in HTTP? How will it download a resource without making the user wait too long? idk. I've got to redesign a bit i think.