Jump to content
GameMonetize.com © The leading broker of high quality cross-platform HTML5 games ×

What is site lock

sandy234

By sandy234,
in General Talk

 Share

Recommended Posts

rich Grand Master

rich

Posted
Posted

No an "exclusive license" means you can't sell to anyone else. A site lock is a left-over term from the Flash days to be honest, it just means you provide a game to the portal specifically for their one web site only, and they are not allowed to put it anywhere else. Flash games (and some html5 ones) usually had code in that checked the URL so they only ran from the agreed domain name.

Link to comment
Share on other sites
joannesalfa Newbie

joannesalfa

Posted
Posted

Alternative method, use AJAX to get a file using PHP or some server side language to unblock the game which it's more secure than client side even cross-domain is not allowed to other websites.

 

Comparing domain name doesn't help because the rippers are looking all strings to change their own strings, except this method as comparing domain name would help against lazy rippers. 

Link to comment
Share on other sites
Evan Burchard Newbie

Evan Burchard

Posted
Posted

My kneejerk response was this:

"Maybe I don't understand the technique well, but couldn't a sitelock be defeated pretty easily with an iframe?"

 

Did a bit of research and found this (okay):

http://answers.unity3d.com/questions/358990/how-do-i-sitelock-a-game.html

 

Then this (much more informative, but a tad old):

http://www.codinghorror.com/blog/2009/06/we-done-been-framed.html

 

"sitelock" relies on "frame-busting" in order to have iframe resistant html. But it sounds like a bit of an arms race.  According to the coding horror article "If an evil website decides it's going to frame your website, you will be framed. Period."

 

It also describes a link between framing and click jacking, where users click on fake links.

 

The article is from 2009 though.  Anyone know if all of this is still true?

Link to comment
Share on other sites
joannesalfa Newbie

joannesalfa

Posted
Posted (edited)

My kneejerk response was this:

"Maybe I don't understand the technique well, but couldn't a sitelock be defeated pretty easily with an iframe?"

 

Did a bit of research and found this (okay):

http://answers.unity3d.com/questions/358990/how-do-i-sitelock-a-game.html

 

Then this (much more informative, but a tad old):

http://www.codinghorror.com/blog/2009/06/we-done-been-framed.html

 

"sitelock" relies on "frame-busting" in order to have iframe resistant html. But it sounds like a bit of an arms race.  According to the coding horror article "If an evil website decides it's going to frame your website, you will be framed. Period."

 

It also describes a link between framing and click jacking, where users click on fake links.

 

The article is from 2009 though.  Anyone know if all of this is still true?

 

 

Better check this:

http://en.wikipedia.org/wiki/Framekiller

 

Edit:

 

If your server uses PHP, this is a good solution:

 

http://stackoverflow.com/questions/5224286/how-to-limit-display-of-iframe-from-an-external-site-to-specific-domains-only/5224410#5224410

Edited by joannesalfa
Link to comment
Share on other sites
Ezelia Newbie

Ezelia

Posted
Posted

@joannesalfa the php Ajax solution or .htaccess solution will not protect anything.

for ajax solution, the hacker can allways capture ajax respons, copy the game on his server and simulate the same Ajax response.
for .htaccess solution he can access the game from an authorised domain name then copy the content ...

Link to comment
Share on other sites
Chris Newbie

Chris

Posted
Posted

The second you offer your contets to be accessed by a user, they can be downloaded and saved as well.

You can't do anything about it - it simply works this way. Sitelocks for HTML/JS stuff is impossible.

 

Sitelocks in Flash were (partly) possible, since Flash games/files compile into a blackbox (swf).

But even SWF files can be edited and their sitelock can be removed, altough its a lot harder compared

agains plaintext javascript.

Link to comment
Share on other sites
Ezelia Newbie

Ezelia

Posted
Posted

@Ezelia I know AJAX is a client side that we cannot trust it but how do you read PHP content with HTTP and domain conditions then without echo function? Did I mention about .htaccess? I dont think I posted about .htaccess here..

 

why would you need to read PHP content :) what PHP do is generating a response ... that response can allways be simulated even without knowing the PHP logic ... also, the ajax call can be remove from the game .

I don't see how you can protect your game this way ?!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...