Navigation

Navigation section

Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Sign up now!

Implemented Restrict SDK Runtime for End Users

Status
Not open for further replies.
M

mydogjax

Joined
Sep 30, 2015
Messages
15
I give people a .zip file with both a jar and the source code. Wasn't aware I HAD to use the botstore and wait ~12 hours for them to receive the product when they could just as easily compile it themselves and run it.
 
arbiter

arbiter

Mod Automation
Joined
Jul 26, 2013
Messages
3,044
mydogjax said:
I give people a .zip file with both a jar and the source code. Wasn't aware I HAD to use the botstore and wait ~12 hours for them to receive the product when they could just as easily compile it themselves and run it.
Click to expand...
The reasons why that is not a good idea are outlined in the OP and following posts.
 
draggin

draggin

Joined
Aug 10, 2015
Messages
142
mydogjax said:
I give people a .zip file with both a jar and the source code. Wasn't aware I HAD to use the botstore and wait ~12 hours for them to receive the product when they could just as easily compile it themselves and run it.
Click to expand...
No to mention waiting half a day is better than waking up and realizing your entire bot farm plus all your passwords to your email, paypal, etc are jacked because some kid put a generic rat in there and paid a kid a couple bucks to make it undetectable.
 
worrorfight

worrorfight

Joined
Sep 23, 2015
Messages
22
By putting a private bot on SDN.. does that mean the staff here review them before actual use of each update or does a system automatically check for viruses, rats, etc?
 
slashnhax

slashnhax

Joined
Dec 10, 2014
Messages
3,255
Well this thread was entertaining. To be honest, I'm all for this change, safety is something that shouldn't be neglected xD
 
twinki

twinki

Joined
Sep 30, 2015
Messages
86
Took nearly 4 hours after I submitted my script to SVN to only receive a notification that the manifest tag is wrong. Guess it's time to wait another 5 hours just to allow a friend to use the script.

This is a pretty disheartening change, add a warning or something they have to agree to. If they end up being hacked, then you have no responsibility for it, they took the risk.

I hate how these Bot Client Platforms force you to do it their way, at this point i'm only using this client because I have no other choice. It's either EpicBot, TriBot which forces you to pay 5$ to simply load local scripts, or RuneMate. I wanted to eventually attempt a database setup with the scripts I create, like getting account info from a MySQL database and logging into the game using my own Login Handler and then sending info to the database as well, but I highly doubt that's going to be allowed on SVN, not to mention they're going to see my db logins, etc..

This is a stupid change IMHO, I get you want to protect your users, but some users don't want to be protected. Tired of being called this "anarchist" for saying so, create a warning, shit I don't care if you have a popup or some form you have to agree to, you shouldn't be held responsible if someone ignores the guideline or warning.

Revert this change, and find another way, please.
 
vag

vag

Joined
Apr 21, 2015
Messages
142
Twinki said:
Took nearly 4 hours after I submitted my script to SVN to only receive a notification that the manifest tag is wrong. Guess it's time to wait another 5 hours just to allow a friend to use the script.

This is a pretty disheartening change, add a warning or something they have to agree to. If they end up being hacked, then you have no responsibility for it, they took the risk.

I hate how these Bot Client Platforms force you to do it their way, at this point i'm only using this client because I have no other choice. It's either EpicBot, TriBot which forces you to pay 5$ to simply load local scripts, or RuneMate. I wanted to eventually attempt a database setup with the scripts I create, like getting account info from a MySQL database and logging into the game using my own Login Handler and then sending info to the database as well, but I highly doubt that's going to be allowed on SVN, not to mention they're going to see my db logins, etc..

This is a stupid change IMHO, I get you want to protect your users, but some users don't want to be protected. Tired of being called this "anarchist" for saying so, create a warning, shit I don't care if you have a popup or some form you have to agree to, you shouldn't be held responsible if someone ignores the guideline or warning.

Revert this change, and find another way, please.
Click to expand...

Uhh, Did I get this right? You want to save RuneScape account names in your own database? That's just insecure, stupid and fishy. First off all, the client saves login details locally, because the simple fact is that the passwords need to be saved in plain textformat, because the JVM Keyboard can not handle encrypting and decrypting passwords without being unsecure (yes, you can write a keyboard that uses your custom encrypting, but if you do so, once again you are easily able to decrypt, because your script has to know the pattern.)

0/10 Hope you get banned for saying shit like this.
 
twinki

twinki

Joined
Sep 30, 2015
Messages
86
VAG said:
Uhh, Did I get this right? You want to save RuneScape account names in your own database? That's just insecure, stupid and fishy. First off all, the client saves login details locally, because the simple fact is that the passwords need to be saved in plain textformat, because the JVM Keyboard can not handle encrypting and decrypting passwords without being unsecure (yes, you can write a keyboard that uses your custom encrypting, but if you do so, once again you are easily able to decrypt, because your script has to know the pattern.)

0/10 Hope you get banned for saying shit like this.
Click to expand...

What an amazingly friendly community.
 
aidden

aidden

Author of MaxiBots
Joined
Dec 3, 2013
Messages
6,770
VAG said:
Uhh, Did I get this right? You want to save RuneScape account names in your own database? That's just insecure, stupid and fishy. First off all, the client saves login details locally, because the simple fact is that the passwords need to be saved in plain textformat, because the JVM Keyboard can not handle encrypting and decrypting passwords without being unsecure (yes, you can write a keyboard that uses your custom encrypting, but if you do so, once again you are easily able to decrypt, because your script has to know the pattern.)

0/10 Hope you get banned for saying shit like this.
Click to expand...
The client doesn't store the login details locally, what are you even talking about.
 
savior

savior

Java Warlord
Joined
Nov 17, 2014
Messages
4,906
Twinki said:
Took nearly 4 hours after I submitted my script to SVN to only receive a notification that the manifest tag is wrong. Guess it's time to wait another 5 hours just to allow a friend to use the script.

This is a pretty disheartening change, add a warning or something they have to agree to. If they end up being hacked, then you have no responsibility for it, they took the risk.

I hate how these Bot Client Platforms force you to do it their way, at this point i'm only using this client because I have no other choice. It's either EpicBot, TriBot which forces you to pay 5$ to simply load local scripts, or RuneMate. I wanted to eventually attempt a database setup with the scripts I create, like getting account info from a MySQL database and logging into the game using my own Login Handler and then sending info to the database as well, but I highly doubt that's going to be allowed on SVN, not to mention they're going to see my db logins, etc..

This is a stupid change IMHO, I get you want to protect your users, but some users don't want to be protected. Tired of being called this "anarchist" for saying so, create a warning, shit I don't care if you have a popup or some form you have to agree to, you shouldn't be held responsible if someone ignores the guideline or warning.

Revert this change, and find another way, please.
Click to expand...
I think you can do this, as long as this system is for your own, private use, and not for any customer.
 
vag

vag

Joined
Apr 21, 2015
Messages
142
Aidden said:
The client doesn't store the login details locally, what are you even talking about.
Click to expand...
Atleast this is what @Arbiter told me on Skype a few days ago, when we were talking about the security checks performed to scripts. Arbiter can feel free to correct me?
 
arbiter

arbiter

Mod Automation
Joined
Jul 26, 2013
Messages
3,044
DarkenedSoul said:
Will scripts uploaded as private undergo the same quality checks or just safety checks.
Click to expand...

Free and private bots are mostly checked for safety. While we may provide pointers to improve, we won't reject for quality unless there's something really wrong with it.

Twinki said:
Took nearly 4 hours after I submitted my script to SVN to only receive a notification that the manifest tag is wrong. Guess it's time to wait another 5 hours just to allow a friend to use the script.

This is a pretty disheartening change, add a warning or something they have to agree to. If they end up being hacked, then you have no responsibility for it, they took the risk.

I hate how these Bot Client Platforms force you to do it their way, at this point i'm only using this client because I have no other choice. It's either EpicBot, TriBot which forces you to pay 5$ to simply load local scripts, or RuneMate. I wanted to eventually attempt a database setup with the scripts I create, like getting account info from a MySQL database and logging into the game using my own Login Handler and then sending info to the database as well, but I highly doubt that's going to be allowed on SVN, not to mention they're going to see my db logins, etc..

This is a stupid change IMHO, I get you want to protect your users, but some users don't want to be protected. Tired of being called this "anarchist" for saying so, create a warning, shit I don't care if you have a popup or some form you have to agree to, you shouldn't be held responsible if someone ignores the guideline or warning.

Revert this change, and find another way, please.
Click to expand...
You can still do all that as a Bot Author with no time limits. Remember, this is for end users only.
 
  • Like
Reactions: WYD
aidden

aidden

Author of MaxiBots
Joined
Dec 3, 2013
Messages
6,770
Arbiter said:
Free and private bots are mostly checked for safety. While we may provide pointers to improve, we won't reject for quality unless there's something really wrong with it.


You can still do all that as a Bot Author with no time limits. Remember, this is for end users only.
Click to expand...
Shouldn't he have received a message instantly about the incorrect manifest tag?
And to clarify for VAG and I, are account details stored on the local pc? I was under the impression they're not.
 
Status
Not open for further replies.
Top