Comments (10)
PolyMC already defaults to our Client ID. It works even if compiled without specifying a client ID.
from polymc.
That leaves the default Client ID distributed, which may bring risks for PolyMC since malicious third-party clients may also use that Client ID.
from polymc.
Understood, I'll work on this later if MultiMC doesn't implement it first.
from polymc.
I mean, what MultiMC is doing in their binaries is basically the same. You can extract the api key and use it maliciously from the binary.
from polymc.
That's what I was thinking, no reason to not include it now. We can always make a new one, and if people consistently abuse it then we can switch over to this.
from polymc.
MultiMC uses a secret system to store the Client ID and possibly obfuscates it at compile time.
Not once is it publicly exposed, and finding it requires a lot of digging and reversing data.
from polymc.
> MultiMC uses a secret system to store the Client ID and possibly obfuscates it at compile time. Not once is it publicly exposed, and finding it requires a lot of digging and reversing data

It's still public and easy to extract: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=multimc-git#n55
from polymc.
"Public" is a questionable statement.
It's unobfuscated within the binary, but nothing is stopping the devs from adding a layer of encryption on top that could make the effort of getting the ID harder.
from polymc.
That is still public. When it's on the client machine, it's just a matter of time to get it back.
from polymc.
In the end, there is no good way to do this.
Either you set up a proxy that stores the client ID, but then the user is essentially MITM'd,
or you put the client ID in the program, but then you suffer from people using it to impersonate the project.
The solution that the MultiMC project took was keeping the Client ID in the public until that was abused.
Then it was put into a dedicated secret subproject with the ID, which won't stop those that try hard enough, yes, but it will stop most of those trying.
I won't doubt that the MultiMC project might put more work into that in the future to ensure things like the AUR situation won't happen.
from polymc.