Home | Rules and Guide | Sign In/Create Account | Write a Post | Reddit | #LD48 | #ludumdare on irc.afternet.org (Info)

Ludum Dare 30 — August 22nd-25th 2014 — Theme: ??? (Suggest a Theme)
  • Ludum Dare 30 Begins: in 21 days, 2 hours, 26 minutes, 47 seconds
  • [ Real World Gatherings | Ludum Deals | MiniLD #53 ]


    Getting data out of unsigned applets

    Posted by (twitter: @secret_tomato)
    August 27th, 2011 12:38 pm

    After finishing my game I noticed that I had plenty of spare hours left so I decided to add a scoreboard. Unfortunately that meant communicating with a web server, which to my knowledge meant I had to sign the thing.

    Signing applets involves some console work, but most importantly it involves an annoying popup asking people to let the thing run. In my mind that’s nearly as bad as a installer and I didn’t want anything of the sort, besides I tried that on a previous project (which come to think of it was also a 48 hour game) and that resulted in people not playing it a all.

    From some android work I’ve done I remembered I can call links to pages even if the app has no permissions(the browser handles the links), and I wasn’t too surprised when I found out that an unsigned applet can do the same.

    Basically what I did was call

    link(“http://example.com/scores.php?name=Andrew&score=asdfg”);

    (processing function, no Idea if it’s the same in reglar java) where ‘asdfg’ was an encrypted version of the score.  This coupled with making each score unique prevented floods on the scoreboard.

    The function spawns a popup window, and I’ve noticed that even if chrome blocks it, it still preloads the score page causing the score to go through. This may or may not be a security issue.

    If anyone knows a better, or just different way to have an applet share its internal data I’d love to hear it.

    VIEW GAME PAGE

     

    Tags: , , , , ,

    3 Responses to “Getting data out of unsigned applets”

    1. Codexus says:

      An applet doesn’t need to be signed to communicate with the server it comes from.

      • Andrew says:

        That’s what I thought too, but it refused to work. Maybe because it was run on the client’s machine(localhost) and saw the server where the jar files were as a different server, or maybe it was some shared host multi-servering magic, or maybe I just do it wrong.

        • stigrv says:

          When reading from the server, use realtive paths instead of absolute ones, like “files/file.txt” instead of “http://www.server.com/files/file.txt”. It’s a long time since I did this myself, but it might also be that the applet sandbox prevents you from accessing files above you in the filestructure, so that you cannot access files by writing “../files/file.txt”.

    Leave a Reply

    You must be logged in to post a comment.


    All posts, images, and comments are owned by their creators.

    [cache: storing page]