Keeping the average user from opening two copies of my program
Multi tool use
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
2
down vote
favorite
I know that this is an impossible task against someone determined, but I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
Here's the quick code I've made:
const tmp = require('tmp'),
fs = require('fs'),
path = require('path');
// Randomly generated, constant in each copy of the app
const app_code = '19c2cefbfa76b4887a1d4664704a3fe0';
// Write protection here, although it doesn't help much
const lock = tmp.fileSync( mode: 0444, prefix: app_code);
const filedir = path.dirname(lock.name);
const filename = path.basename(lock.name);
// Search for already running copies
fs.readdirSync(filedir).forEach(f =>
// If it's made by the app and it's not mine
if (f.includes(app_code) && f !== filename)
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Watch for my own lock being deleted
fs.watch(filedir, function(event, who)
if (event === 'rename') who.includes(app_code))
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Main program content, use placeholder here:
setInterval(() => console.log("Running alone"), 1000);
There are a few issues that I see right off the bat:
- Different tmp folders being used
- Locks being left in place if the program is terminated, meaning no copies could run
Anything obvious I'm missing?
javascript node.js security
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
asked Jun 20 at 20:24
Ottomated
111
add a comment |Â
up vote
2
down vote
favorite
I know that this is an impossible task against someone determined, but I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
Here's the quick code I've made:
const tmp = require('tmp'),
fs = require('fs'),
path = require('path');
// Randomly generated, constant in each copy of the app
const app_code = '19c2cefbfa76b4887a1d4664704a3fe0';
// Write protection here, although it doesn't help much
const lock = tmp.fileSync( mode: 0444, prefix: app_code);
const filedir = path.dirname(lock.name);
const filename = path.basename(lock.name);
// Search for already running copies
fs.readdirSync(filedir).forEach(f =>
// If it's made by the app and it's not mine
if (f.includes(app_code) && f !== filename)
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Watch for my own lock being deleted
fs.watch(filedir, function(event, who)
if (event === 'rename') who.includes(app_code))
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Main program content, use placeholder here:
setInterval(() => console.log("Running alone"), 1000);
There are a few issues that I see right off the bat:
- Different tmp folders being used
- Locks being left in place if the program is terminated, meaning no copies could run
Anything obvious I'm missing?
javascript node.js security
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
asked Jun 20 at 20:24
Ottomated
111
A different type of implementation here: How to disallow multiple instances of the same app in nodejs
– jfriend00
Jun 20 at 21:47
That seems promising. It looks like it would be more foolproof, but also could have a few shortcomings - I think I'll use it for now at least.
– Ottomated
Jun 20 at 23:05
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I know that this is an impossible task against someone determined, but I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
Here's the quick code I've made:
const tmp = require('tmp'),
fs = require('fs'),
path = require('path');
// Randomly generated, constant in each copy of the app
const app_code = '19c2cefbfa76b4887a1d4664704a3fe0';
// Write protection here, although it doesn't help much
const lock = tmp.fileSync( mode: 0444, prefix: app_code);
const filedir = path.dirname(lock.name);
const filename = path.basename(lock.name);
// Search for already running copies
fs.readdirSync(filedir).forEach(f =>
// If it's made by the app and it's not mine
if (f.includes(app_code) && f !== filename)
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Watch for my own lock being deleted
fs.watch(filedir, function(event, who)
if (event === 'rename') who.includes(app_code))
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Main program content, use placeholder here:
setInterval(() => console.log("Running alone"), 1000);
There are a few issues that I see right off the bat:
- Different tmp folders being used
- Locks being left in place if the program is terminated, meaning no copies could run
Anything obvious I'm missing?
javascript node.js security
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
asked Jun 20 at 20:24
Ottomated
111
I know that this is an impossible task against someone determined, but I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
Here's the quick code I've made:
const tmp = require('tmp'),
fs = require('fs'),
path = require('path');
// Randomly generated, constant in each copy of the app
const app_code = '19c2cefbfa76b4887a1d4664704a3fe0';
// Write protection here, although it doesn't help much
const lock = tmp.fileSync( mode: 0444, prefix: app_code);
const filedir = path.dirname(lock.name);
const filename = path.basename(lock.name);
// Search for already running copies
fs.readdirSync(filedir).forEach(f =>
// If it's made by the app and it's not mine
if (f.includes(app_code) && f !== filename)
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Watch for my own lock being deleted
fs.watch(filedir, function(event, who)
if (event === 'rename') who.includes(app_code))
// Delete my lock and close
fs.unlink(lock.name);
process.exit(1);
);
// Main program content, use placeholder here:
setInterval(() => console.log("Running alone"), 1000);
There are a few issues that I see right off the bat:
- Different tmp folders being used
- Locks being left in place if the program is terminated, meaning no copies could run
Anything obvious I'm missing?
javascript node.js security
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
asked Jun 20 at 20:24
Ottomated
111
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
edited Jul 23 at 0:37
Jamal♦
30.1k11114225
30.1k11114225
asked Jun 20 at 20:24
Ottomated
111
asked Jun 20 at 20:24
Ottomated
111
asked Jun 20 at 20:24
Ottomated
111
111
A different type of implementation here: How to disallow multiple instances of the same app in nodejs
– jfriend00
Jun 20 at 21:47
That seems promising. It looks like it would be more foolproof, but also could have a few shortcomings - I think I'll use it for now at least.
– Ottomated
Jun 20 at 23:05
add a comment |Â
A different type of implementation here: How to disallow multiple instances of the same app in nodejs
– jfriend00
Jun 20 at 21:47
That seems promising. It looks like it would be more foolproof, but also could have a few shortcomings - I think I'll use it for now at least.
– Ottomated
Jun 20 at 23:05
A different type of implementation here: How to disallow multiple instances of the same app in nodejs
– jfriend00
Jun 20 at 21:47
A different type of implementation here: How to disallow multiple instances of the same app in nodejs
– jfriend00
Jun 20 at 21:47
That seems promising. It looks like it would be more foolproof, but also could have a few shortcomings - I think I'll use it for now at least.
– Ottomated
Jun 20 at 23:05
That seems promising. It looks like it would be more foolproof, but also could have a few shortcomings - I think I'll use it for now at least.
– Ottomated
Jun 20 at 23:05
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
I suggest you to use resource based locking. Consider the following:
- your application uses well known TCP/UDP port. Only single process can bind it.
- your application uses some configuration/database/whatever files in predefined places.
flockthem. Same stands for pid files under/var/run.
It is still possible to separate resources with chroot or containers. But if nothing is shared are there any benefits in forced locking?
I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
I guess mid-average users won't use network namespaces, chroots or containers. If they will - I bet they have the reasones so let them do the thing.
answered Jul 23 at 9:49
sineemore
1,173217
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
I suggest you to use resource based locking. Consider the following:
- your application uses well known TCP/UDP port. Only single process can bind it.
- your application uses some configuration/database/whatever files in predefined places.
flockthem. Same stands for pid files under/var/run.
It is still possible to separate resources with chroot or containers. But if nothing is shared are there any benefits in forced locking?
I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
I guess mid-average users won't use network namespaces, chroots or containers. If they will - I bet they have the reasones so let them do the thing.
answered Jul 23 at 9:49
sineemore
1,173217
add a comment |Â
up vote
0
down vote
I suggest you to use resource based locking. Consider the following:
- your application uses well known TCP/UDP port. Only single process can bind it.
- your application uses some configuration/database/whatever files in predefined places.
flockthem. Same stands for pid files under/var/run.
It is still possible to separate resources with chroot or containers. But if nothing is shared are there any benefits in forced locking?
I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
I guess mid-average users won't use network namespaces, chroots or containers. If they will - I bet they have the reasones so let them do the thing.
answered Jul 23 at 9:49
sineemore
1,173217
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I suggest you to use resource based locking. Consider the following:
- your application uses well known TCP/UDP port. Only single process can bind it.
- your application uses some configuration/database/whatever files in predefined places.
flockthem. Same stands for pid files under/var/run.
It is still possible to separate resources with chroot or containers. But if nothing is shared are there any benefits in forced locking?
I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
I guess mid-average users won't use network namespaces, chroots or containers. If they will - I bet they have the reasones so let them do the thing.
answered Jul 23 at 9:49
sineemore
1,173217
I suggest you to use resource based locking. Consider the following:
- your application uses well known TCP/UDP port. Only single process can bind it.
- your application uses some configuration/database/whatever files in predefined places.
flockthem. Same stands for pid files under/var/run.
It is still possible to separate resources with chroot or containers. But if nothing is shared are there any benefits in forced locking?
I'd like to keep mid-average users from being able to open more than one copy of my program at a time.
I guess mid-average users won't use network namespaces, chroots or containers. If they will - I bet they have the reasones so let them do the thing.
answered Jul 23 at 9:49
sineemore
1,173217
edited Aug 1 at 23:07
answered Jul 23 at 9:49
sineemore
1,173217
answered Jul 23 at 9:49
sineemore
1,173217
answered Jul 23 at 9:49
sineemore
1,173217
1,173217
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f196920%2fkeeping-the-average-user-from-opening-two-copies-of-my-program%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
A different type of implementation here: How to disallow multiple instances of the same app in nodejs
– jfriend00
Jun 20 at 21:47
That seems promising. It looks like it would be more foolproof, but also could have a few shortcomings - I think I'll use it for now at least.
– Ottomated
Jun 20 at 23:05