Page 1 of 5

question about Love.js security

Posted: Sat Jan 23, 2021 6:33 pm
by atenzor
I saw some posts and topics on source code and assets protection.

It seems to be impossible to protect them, because there are tools out there to decompile.

Then, I noticed something called Love.js that can make the game online basically and what I was
wondering with that is it possible for someone to get the assets/source code from an online version
of the game?

How protected is the online version of the game is my question basically? or maybe better ways than
using Love.js? or maybe even actual new methods to make the code secure, even offline?

Thanks! :)

Re: question about Love.js security

Posted: Sat Jan 23, 2021 7:08 pm
by ivan
It's the copyright/license that protects your game assets, not the technology.
The same holds true for books, music and other media.
Also, keep in mind that all I have to do is press the "Print Screen" button on my keyboard to copy your graphical assets.

Re: question about Love.js security

Posted: Sat Jan 23, 2021 7:44 pm
by atenzor
I can understand assets, for me, it's mainly the source code. Can they somehow get the code?

Re: question about Love.js security

Posted: Sat Jan 23, 2021 8:02 pm
by ivan
atenzor wrote: Sat Jan 23, 2021 7:44 pmCan they somehow get the code?
Yes and you are missing the point.

Re: question about Love.js security

Posted: Sat Jan 23, 2021 8:43 pm
by Xugro
If you are afraid that someone will look at the source-code of your game, then do not give it to them. The concept is called Cloud Gaming. The drawback is the increased complexity and the cost of the server(s).

Re: question about Love.js security

Posted: Sat Jan 23, 2021 10:22 pm
by atenzor
ivan wrote: Sat Jan 23, 2021 8:02 pm
atenzor wrote: Sat Jan 23, 2021 7:44 pmCan they somehow get the code?
Yes and you are missing the point.
But how does it work exactly? Isn't the game file only accessible by the hosting server during runtime?

I will test it out soon, but from what I saw, you basically have a game.js and game.data file.
It seems like the content of the code is located in the game.data file, but why would that be available
for download or whatever? It should only be accessed by the server and restricted to the end user.

So end user literally only can "see" the screen of the game and control using keyboard or mouse or gamepad.

That seems like a poor implementation of love.js if it works like that tho... or maybe it's just a matter
of trying to restrict file access on the server, there has to be a way. Or I guess ultimately convert lua code to
some other game engine or framework to make it more secure idk... :(

Re: question about Love.js security

Posted: Sat Jan 23, 2021 10:23 pm
by atenzor
Xugro wrote: Sat Jan 23, 2021 8:43 pm If you are afraid that someone will look at the source-code of your game, then do not give it to them. The concept is called Cloud Gaming. The drawback is the increased complexity and the cost of the server(s).
Is there any tutorial on cloud gaming and love2d? So I can protect my code like that?

Re: question about Love.js security

Posted: Sat Jan 23, 2021 11:13 pm
by Xugro
atenzor wrote: Sat Jan 23, 2021 10:22 pm But how does it work exactly? Isn't the game file only accessible by the hosting server during runtime?

I will test it out soon, but from what I saw, you basically have a game.js and game.data file.
It seems like the content of the code is located in the game.data file, but why would that be available
for download or whatever? It should only be accessed by the server and restricted to the end user.

So end user literally only can "see" the screen of the game and control using keyboard or mouse or gamepad.
What you described is Cloud Gaming. Love.js is just normal LÖVE but in the browser. So the player has your complete source code (everything in the *.love-file).
atenzor wrote: Sat Jan 23, 2021 10:23 pm Is there any tutorial on cloud gaming and love2d? So I can protect my code like that?
No, there is not. There are several ways to do this. If you want to use LÖVE then I would suggest something like this:
Love2D-Cloud-Gaming.png
Love2D-Cloud-Gaming.png (25.7 KiB) Viewed 9803 times
Everytime the player inputs something (press of a button or click of the mouse) on his computer send the input to the server. Then your code takes the current gamestate and the input and computes the a new gamestate. Send that gamestate to the user. On the players computer love.draw() will use that gamestate to draw the game.

Re: question about Love.js security

Posted: Sat Jan 23, 2021 11:21 pm
by atenzor
That makes sense yes. But so... what would you recommend to even accomplish that? I am assuming you are not talking about
the Love networking libraries right? You mean perhaps Love in combination with something else that does that networking?

Or is it possible somehow with the networking libraries to do that?

Re: question about Love.js security

Posted: Sat Jan 23, 2021 11:26 pm
by Xugro
atenzor wrote: Sat Jan 23, 2021 11:21 pm Or is it possible somehow with the networking libraries to do that?
This is completely possible with the networking libraries of LÖVE. You just need a way to send input from the players computer to the server and respond with a new gamestate. Why should the networking libraries of LÖVE not work for this?