- Home /
How to Protect Webplayer Builds?
There's this one user on kongregate that has figured out a way to crack open webplayers and veiw their code. I messaged him on how he did it and very nicely replied, here is what he said: "Unity uses Mono for scripting. So each unity game contains .Net / Mono assembly files which can easily be viewed with any .NET reflector. The Unity-3D-Obfuscator (which has been written to protect your code) can be used to unpack webplayer builds. Anyway, never “steal” other peoples code. Copyright has nothing to do wether you are able to access the source code or not. Reflecting .NET byte code is actually a language feature of CIL, so every appliation that uses .NET / Mono can be viewed. I’m a games developer as well and most companies that use Unity don’t know about that little “problem”. It’s not really a problem unless you have code that shouldn’t be viewed by the user. But in this case always keep in mind “security through obscurity” never works." Now this scares me because I'm planning on making a MMO within the year and I'm planning to use SQL in my code. With his methods would he be able to find my SQL contents and password? If so is there any way to protect against this?
Rule 4 of Database development. There is never, ever any access to the DB from the client. Not in this day and age. $$anonymous$$iddleware has benefits beyond just bloating the development companies' pockets, key among which are performance, load balancing and security security security.
Answer by Eric5h5 · Oct 11, 2012 at 02:25 AM
You should run any code that matters on the server, not the client. Never trust the client. Not really anything to do with Unity; all games get hacked.
Answer by MarkFinn · Oct 11, 2012 at 04:02 AM
As Eric said, but also do some google searches for "Unity Obfuscator" and "C# obfuscator". (Don't just grab the tools. Understanding the tech is well worthwhile).
It will always be possible to rip open any .net/mono package. Such is the nature of the technology.
But you can make it so frustrating for the code rippers that they'll pass you by and pick on the easier targets.
NOTE! This is not a solution to failed security models (E.g. having any form of password in your client) but rather a way of reducing the number of times your code is ripped off and used to generate clones of your work. Even if your code were utterly unreadable and unrippable you'd still be transmitting your SQL usernames and passwords across the network every time they were used.
Your answer
Follow this Question
Related Questions
is there a way to secure the .unity3d web player file from downloading? 1 Answer
How do I protect my webplayer from beeing used from other sites? 2 Answers
Security.PrefetchSocketPolicy does not work in debug session? 0 Answers
Webplayer sandbox security policy: When do I prefetch security policy? 1 Answer