Java-Gaming.org Hi !
Featured games (91)
games approved by the League of Dukes
Games in Showcase (757)
Games in Android Showcase (229)
games submitted by our members
Games in WIP (844)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: 1 [2] 3 4 ... 10
 11 
 on: 2018-06-22 12:18:57 
Started by PixelappGames - Last post by PixelappGames
3 months. Yes, it's been fast.

 12 
 on: 2018-06-22 12:09:22 
Started by SkyAphid - Last post by h.pernpeintner
Have any of you tried this before? [...] I'm interested to hear anyone's stories on if they've tried this and how it went for them. One question I also have in particular is if you can actually limit what packages the class that's loaded in is allowed to reference.

My engine has a Component that can load JavaScript or Java source code. JavaScript is plugged into Nashorn (this is very simple and I think a viable scripting solution for most of the use cases out there), Java is compiled at runtime and loaded with the given classloader...just like every other sane module system does it. For the Java components I implement, I compile against a small API that can be used on provided scope in maven (component interface has init(EngineContext context), update(float deltaSeconds) functions and so on). You can limit the objects that the foreign component can use right there, by the interface definitions you provide. You still have the problem that one can execute arbitrary Java code in his component. Having different classloaders is optional here and has to be used when you want to isolate multiple extensions (external modules) from each other.

Another approach would be to go modular with the JPMS...with this you could export modules only to your own modules, but you can't prevent arbitrary code execution. All in all, I don't think it's worth the hassle at all.

 13 
 on: 2018-06-22 09:01:52 
Started by SkyAphid - Last post by nsigma
Wouldn't Javascript also be a good option for allowing user scripty stuff?

Seems the obvious solution with Nashorn there, assuming you're not building a "turtles all the way down" system like myself - ie. where you're running performance stuff in the main loop.

It still doesn't solve the security problem though.  And these days it's possible to write a Java API that's more readable and less verbose than a JavaScript one - now that's a refreshing change!  Grin

 14 
 on: 2018-06-22 08:53:15 
Started by SkyAphid - Last post by princec
Wouldn't Javascript also be a good option for allowing user scripty stuff?

Cas Smiley

 15 
 on: 2018-06-22 08:22:54 
Started by SkyAphid - Last post by nsigma
I'll have to keep reading up to make sure the lua support can't be used maliciously though. I haven't used lua since my teenage source modding days, so I can't really remember what kind of functionality it has.

@nsigma
I'm not really a stickler on protecting my code, but it's definitely about protecting the users from douchebags who will hide viruses in their mods. The Java VM is pretty powerful so I imagine giving full control over to the modder could end up being pretty dangerous.

Yes, I'm interested to know how this fixes your "problem" rather than just providing a different language for people to write their exploits in?!

Obviously it's in text not bytecode, but that's the same as the Java options talked about earlier and really relies on the user understanding or trusting the code source.  You're likely to still need to look into ClassLoader white-listing and/or SecurityManagers with this?  Unless LuaJ adds this already on top of the normal Java scripting support?

Incidentally, another Java option that might be interesting to look at embedding in a game engine might be JShell?

 16 
 on: 2018-06-22 04:30:24 
Started by BurntPizza - Last post by orange451
Implemented a CodeArea using the TextArea as a base



Had to do a lot of workarounds because NanoVG doesn't seem to support mono-spaced fonts very well (tab/enter characters are drawn with boxes). Additionally, NanoVG author refuses to give any default functionality to the tab character, which renders the nanovg drawstring function useless except for drawing single characters. So I used a lot of time today doing that :x But now I get to have a nice text editor AND lwjgl3!

Need to think of a clever way to do syntax highlighting...
Anyone know good of a good way to combine Java objects with strings? Might be interesting to set the text up in such a way as:
1  
text = "Text here" + color(255,0,0) + "This is red"



[EDIT]
I put together everything I've made in the last 2 weeks, and made this:

 17 
 on: 2018-06-22 00:41:26 
Started by SkyAphid - Last post by SkyAphid
I played with LuaJ a bit today and found out it has some very powerful tools for calling Java functions straight from the lua. I started out with a lua file that's something simple like this:

1  
2  
3  
function Main(GameTools, WorldTools, HUDTools, PlayerTools)
  print('Hello World from lua file! Player Name: ' .. PlayerTools:getName())
end


And it successfully printed:

1  
Hello World from lua file! Player Name: Cody


I wanted to see how far down I could take the rabbit hole and ended up trying this:

1  
2  
3  
function Main(GameTools, WorldTools, HUDTools, PlayerTools)
  print('Hello World from lua file! First Item in Player Inventory: ' .. PlayerTools:getPlayer():getInventory():get(0):getName())
end


And holy hell, it printed out this:

1  
Hello World from lua file! First Item in Player Inventory: Old Hover-Bike


It went all the way down into the EntityPlayer, down it his Inventory, and then got an Item out if its ArrayList and was able to successfully call getName(). That's pretty much exactly what I was looking for in my mod support functionality. Of course, I'll probably abstract and limit what the lua file can call so that the modders can't go too far down the rabbit hole and accidentally break something, but it's still cool that it has that potential.

I'll have to keep reading up to make sure the lua support can't be used maliciously though. I haven't used lua since my teenage source modding days, so I can't really remember what kind of functionality it has.

@nsigma
I'm not really a stickler on protecting my code, but it's definitely about protecting the users from douchebags who will hide viruses in their mods. The Java VM is pretty powerful so I imagine giving full control over to the modder could end up being pretty dangerous.

 18 
 on: 2018-06-21 23:44:53 
Started by SkyAphid - Last post by nsigma
Interesting thread!  And interesting to read the thread @CommanderKeith linked to and remember what I was working on at the time!  Smiley  Since then, PraxisCORE (the runtime from PraxisLIVE) has become an actor-model system where every actor has its own ClassLoader and every actor accepts it's behaviour as a String of Java code that can be defined and redefined as it's running.  It's fun, and can be really powerful for certain uses, and is almost certainly not suitable for untrusted code in any form whatsoever!  Wink

But what's the point of securing your code anyway?  If it's just for users to mod things for themselves, what's the problem with just providing an API that they can do anything with?  On the other hand, if your aim is that people can share mods and you feel you need to lock things down for the safety of other users then I'd suggest being careful of any executable code, whatever the language.  Interesting that today I also read about the plan to deprecate serialization in the JDK because of its potential as an attack vector for arbitrary code execution.  If this lockdown is important to you, perhaps a simple DSL (domain specific language), not Turing complete, as declarative as possible, is the way to go?

 19 
 on: 2018-06-21 21:31:16 
Started by SkyAphid - Last post by SkyAphid
I spent the whole day going down a rabbit-hole of reading about this stuff, and have concluded it's probably best to just add support for lua and only whitelist certain functionality lol. But thank you guys for all the help!

 20 
 on: 2018-06-21 19:12:09 
Started by BurntPizza - Last post by Mad Hatter

You could try GraphicsGale if you're not already using that. It's free iirc. A lot of my spriters use it.

Thanks, I will try to figure out how to install on linux.

Another timelapse:
<a href="http://www.youtube.com/v/VQmBrgzD_yM?version=3&amp;hl=en_US&amp;start=" target="_blank">http://www.youtube.com/v/VQmBrgzD_yM?version=3&amp;hl=en_US&amp;start=</a>

Result

And some character concept arts of sloths demons:


Pages: 1 [2] 3 4 ... 10
 
EgonOlsen (78 views)
2018-06-10 19:43:48

EgonOlsen (58 views)
2018-06-10 19:43:44

EgonOlsen (78 views)
2018-06-10 19:43:20

DesertCoockie (260 views)
2018-05-13 18:23:11

nelsongames (158 views)
2018-04-24 18:15:36

nelsongames (157 views)
2018-04-24 18:14:32

ivj94 (898 views)
2018-03-24 14:47:39

ivj94 (162 views)
2018-03-24 14:46:31

ivj94 (811 views)
2018-03-24 14:43:53

Solater (175 views)
2018-03-17 05:04:08
Java Gaming Resources
by philfrei
2017-12-05 19:38:37

Java Gaming Resources
by philfrei
2017-12-05 19:37:39

Java Gaming Resources
by philfrei
2017-12-05 19:36:10

Java Gaming Resources
by philfrei
2017-12-05 19:33:10

List of Learning Resources
by elect
2017-03-13 14:05:44

List of Learning Resources
by elect
2017-03-13 14:04:45

SF/X Libraries
by philfrei
2017-03-02 08:45:19

SF/X Libraries
by philfrei
2017-03-02 08:44:05
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!