Member Discussions

Read alot of posts about source code being stolen by hosts (free and otherwise) and got a little worried. I was wondering if the community had any advice regarding protecting source code.

Removing *.c and *.h files after compilation was a good one but looking for other things like backdoors or exploits being strategically inserted into the code.

Any ideas especially for C?

I think the best solution still has to be working with people who you can trust. Either host the MUD yourself, or use a hosting service that has a strong reputation. Make sure you know the coders you're going to be working with, because they're in prime position to take the source from you. Ultimately, because of the human element, the only way to guarantee against the theft of your source is to work on it yourself, compile on a machine that's not on a network anywhere, copy the binary to a disk, use another computer to upload that to the mud server, and hope noone's willing to break into your house to get the source, but that's a little excessive paranoia. Know who you're hosting with, know who you're working with, and hopefully, you can keep things safe that way.

Here is the main thing here...

I have heard of hosts stealing code, or a coder jacking a code. But, for general information. There is no such thing as a back door, the only way someone will get into your account is if they guess or have a password. Backdoors were more or less myths and if you ask any knowledgeable coder now a days, they have pretty much been eliminated. The only way your going to get 'hacked' is with a password cracker or a lucky guess really.

As far as hosts stealing code, alot of hosts die, meaning it may not have been stolen as much as the owner of the shell just said screw it and closed it. If someone has the capabilities of running a MUD host, odds are, they know enough to Make a MUD, and shouldn't need to steal one. The only MUDs worth stealing are on personal servers now, so I wouldn't be too concerned.

And, somarilnos's suggestions for keeping a MUD safe, like he said, while good and effective, thats quite a bit for just a MUD. If you really just want to make a MUD without the worry of a host or anyone stealing it, download cygwin and run off your localhost. Keep the ports closed, and don't make it open to internet attack. Its free, but big.

Just a few suggestions/comments.

> There is no such thing as a back door

Of course there is - I've used them myself in the past. The trouble is that once they've been found, they can be removed. And because there's nothing stopping the person running the code from making backups, the most you can do is cause short-term difficulties for them.

Worse still, if you leave them in a running version of your mud and someone else gets hold of them, they can use them on you.

The best bet is simply never uploading the source in the first place. Compile it yourself and upload only the final binary to the server.


In terms of code booby-traps, I've always liked this particular tale:
Nobody wants the ignominy of anything like the bad crack for Autodesk's 3D Studio that made the rounds in 1992. For all intents and purposes it ran correctly, all features seemed 100 percent functional. Except that the dedongled program slowly and subtly corrupted any 3-D model built with it. After a few hours of use, a mesh would become a crumpled mass of broken triangles, irrevocably damaged. Cleverly, Autodesk had used the dongle to create a dynamic vector table within the program. Without the table, the program struggled to create mathematically accurate geometry - and eventually failed. Many a dodgy CAD house saw its cost-cutting measures end in ruin.
--Wired, April 1997

If your personal computer has an always-on connection, you can store game-critical data (spell damage tables, race definitions, whatever) on your home system and have the game download them into memory during startup. Keep in mind that if the code thief can easily guess or replace the data, you're wasting your time. Also keep in mind that the game would be unable to start if your computer became unreachable.