On Mar 19, 2012, at 2:27 PM, David Chan wrote:

> Steam generates a custom binary for each user. See CEG Overview on
> https://partner.steamgames.com/documentation/api
>
> I'm guessing that some sort of receipt / decryption key is stored on
> the local machine when you enable offline mode. They also use
> DPAPI on Windows for key storage, possibly KeyChain on OSX but I
> haven't looked into that.

Nice, thanks!

> I agree that there isn't much we can do with the "rooting" scenario.
> The opt-in scheme sounds promising. Would the opt-in be contained
> within the receipt? The decision to launch or not launch an app
> should be made at the runtime level in my opinion. An app developer
> should be able to decide what to do with an invalid receipt without
> relying on callbacks in "untrusted" app code.

Good point. I do think the verification code must run before the app is actually launched.

> Proposed change to receipt
> 1. Add a boolean field exitOnVerficationFail
> 2. true - app doesn't launch on receipt verification error / failure
> 3. false - app launches normally on receipt verification error
>
> I'm not concerned about the case where a user has a valid receipt then
> modifies the appcache version of the app. The server should be
> checking user input in that case.
>
> Also this doesn't address the offline scenario.

It can, if our trusted runtime stores the fact that the receipt was verified in some secure fashion, so that the next time the app is launched we don't need to hit the marketplace server. This "cookie" should have a timeout, of course, and the first time the user launches an app we need to be connected (or, as an optimization, the runtime can verify the receipt at the time of installation, when we know the user has to be online).

-Anant

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
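
The launch decision discussed in this thread, as an added example that is not part of the original messages or of any Mozilla code: the runtime checks the receipt before launch, honours the proposed exitOnVerficationFail field, and falls back to a time-limited verification "cookie" when offline. The function names, the 7-day timeout, the HMAC construction, the runtime-held key and the verifyOnline callback are all assumptions made for illustration.

```javascript
// Added example; function names and the TTL are hypothetical, not Mozilla code.
const crypto = require('crypto');

const COOKIE_TTL_MS = 7 * 24 * 3600 * 1000; // assumed timeout; the thread gives none

// MAC binds "this receipt was verified at time T" to a runtime-held key
// (assumed to sit in OS-protected storage such as DPAPI or Keychain).
function macFor(runtimeKey, receipt, verifiedAt) {
  const receiptHash = crypto.createHash('sha256').update(receipt).digest('hex');
  return crypto.createHmac('sha256', runtimeKey)
    .update(`${receiptHash}|${verifiedAt}`).digest();
}

function makeCookie(runtimeKey, receipt, nowMs) {
  return { verifiedAt: nowMs, mac: macFor(runtimeKey, receipt, nowMs).toString('hex') };
}

function cookieIsValid(runtimeKey, receipt, cookie, nowMs) {
  if (!cookie || !Number.isInteger(cookie.verifiedAt)) return false;
  const expected = macFor(runtimeKey, receipt, cookie.verifiedAt);
  const given = Buffer.from(String(cookie.mac), 'hex');
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false; // edited or foreign cookie
  const age = nowMs - cookie.verifiedAt;
  return age >= 0 && age < COOKIE_TTL_MS; // expired or clock set backwards
}

// verifyOnline(receipt) returns true/false from the marketplace, or null when offline.
// exitOnVerficationFail is the receipt field as spelled in the proposal.
function decideLaunch({ runtimeKey, receipt, exitOnVerficationFail, cookie, verifyOnline, nowMs }) {
  const result = verifyOnline(receipt);
  if (result === true) {
    return { launch: true, reason: 'verified-online', cookie: makeCookie(runtimeKey, receipt, nowMs) };
  }
  if (result === null && cookieIsValid(runtimeKey, receipt, cookie, nowMs)) {
    return { launch: true, reason: 'cached-verification', cookie };
  }
  // Verification failed: the opt-in flag alone decides, before any app code runs.
  const reason = result === false ? 'receipt-rejected' : 'offline-unverified';
  return { launch: !exitOnVerficationFail, reason, cookie: null };
}
```

A rejected receipt discards the cookie even when it is still within its timeout, so a revoked purchase cannot keep launching from cache once the runtime has been online.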