[osg-users] Shaders, osg::notify and IP

Middleton, Colin (GE EntSol, Intelligent Platforms) Colin.Middleton at gefanuc.com
Wed Sep 24 05:55:57 PDT 2008

It seems that there isn't a good solution to prevent people seeing
shader code then, I didn't think of the plugin thing. Even if OSG was
made completely secure, it seems that you could get shader source code
from OpenGL debuggers ( as Ralph Kern said earlier ). 

I guess it is just a matter of putting a few simple obstacles ( like not
giving away obvious shader source code ) in people's way so that the
casual hacker is disuaded. I suppose that all the source files should
also have copyright notices for legal reasons too. 



-----Original Message-----
From: osg-users-bounces at lists.openscenegraph.org
[mailto:osg-users-bounces at lists.openscenegraph.org] On Behalf Of Robert
Sent: 24 September 2008 11:52
To: OpenSceneGraph Users
Subject: Re: [osg-users] Shaders, osg::notify and IP

Hi Colin,

The initial value of NotifyLevel is set from the OSG_NOTIFY_LEVEL env
var, which users can set themselves, but your application can set the
value via:


Which will make the OSG notification system always ignore all calls to
osg::notify(..), this way you can prevent users from changing things.

The only way to get round this would be for a user to write a plugin
that they force your application to load, then they reset the
notification level back to DEBUG and then go trawling.  Statically
linking would avoid this possibility, as would strictly managing what
plugins are loaded and from where.

But any of these changes protects a user from tweaking the OpenGL
library itself to catch the token stream, OpenGL-ES does provide
compiled shaders but OpenGL itself doesn't so it's hard to protect
against a determined hacker.

Then there is always the law itself, it's legal to reverse engineer in
most countries, but there is copyright to protect against actually copy
binaries, data and source code, so even if someone did snoop and then
reuse your work they would be open to a lawsuit.


On Wed, Sep 24, 2008 at 10:46 AM, Middleton, Colin (GE EntSol,
Intelligent Platforms) <Colin.Middleton at gefanuc.com> wrote:
> Hi all,
> My colleague was recently doing some debugging and found that when 
> OSG_NOTIFY_LEVEL is INFO or higher all of the shader code comes out as

> debug. Luckily because of the way the osg::notify code is written we 
> can prevent any slightly osg savvy 3rd party getting hold of my 
> shaders by setting the notify level in the application as the API call

> overrides the environment variable. However this prevents me from 
> using the notify level as a means of debug in the future.
> I know that many people consider shaders to be a important part of 
> their IP and so I was wondering what the community thought of this. 
> Should there be a way of preventing this debug being printed out as 
> part of the info? I wouldn't suggest removing it entirely as knowing 
> the shader source ( especially if you have constructed it in code ) 
> can be important to debugging.
> Cheers,
> Colin.
> _______________________________________________
> osg-users mailing list
> osg-users at lists.openscenegraph.org
> http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.
> org
osg-users mailing list
osg-users at lists.openscenegraph.org

More information about the osg-users mailing list