https://clojure.org/reference/repl_and_main#_launching_a_socket_server
Hello, I’ve been working on a game using Clojure, and now I’d like to share it with some players.
However, I’m not comfortable with shipping it with this “backdoor” of sorts. Is there a way to disable it? I can only think of creating a Java entry point and filtering system properties before starting the Clojure runtime.
Thanks.
I wouldn’t sweat it. If someone has access to the binary, they can do whatever they want. It might be less easy without a socket server than with it, but it’s still relatively easy. Unless you go out of your way to protect against things like this, and then it becomes relatively hard, but still absolutely not clear why you’d want to go to such lengths, what benefit it brings.
If you still really want to do it for whatever reason, the user.clj file on the classpath is loaded before the server properties are checked - you can have some code there at the top level that removes the undesired properties. Note that you’d have to remove all properties with names that start with clojure.server..
It seems plausible to maybe strip (or modify) clojure/core/server.clj and clojure/main.clj from the jar if you have a dedicated entrypoint (e.g. your own main).
As has already been stated, there’s nothing stopping someone from copying them back into the jar and bypassing your stuff though, especially if you are distributing anything in source form. If you are AOT’ing and stripping source, it’s viable. Even then, they can still probably decompile your entry point, stick some stuff in to load their own script (e.g. require clojure.repl and start the socket repl). There are layers.