Light Docs

Placeholder Injection

Insert anti-piracy placeholders into your product archives

Overview

Since v1.9.0 only

This feature is only available in store versions v1.9.0 and above.

Experimental

This feature is currently experimental. Things may break and files & archives can arrive altered or corrupted.

The new placeholders allow you to easily identify potential leakers of your product, by inserting specific values into your product archives.

Each download is given a nonce, an identifier that is completely unique to that download. Using the nonce checker available in the admin dashboard, you can identify the user who downloaded your product. If the nonce is found in, for example, a leaked or redistributed product file, you then know who originally bought and downloaded the product and can ban the leaker.

Additional placeholders are also available to help you identify the source of the download.

Placeholder injection is opt-in per product. You can enable it within a product's edit page, under the "Security" section.

Caveats

Since placeholders are injected at the time of download, downloads are delayed until all files are looked up and replaced with placeholders.

The bigger a version file is, the longer it will take to download, due to the need to unpack the archive and replace the placeholders for each file.

Take care when enabling placeholder injection for large files, since downloads might be slow to start or even time out.

As a general rule of thumb, we recommend keeping files at 25 MB or less in size when enabling placeholder injection.

Enabling & connecting

Placeholders are injected by a separate piece of software, Placy.

Within the "Placeholders" tab of your store settings, you will find two settings:

  • Enable or disable placeholder injection for the whole store,
  • Placeholder injection endpoint.

Docker Compose users don't have to install or configure any additional software. It is already included in the Docker Compose setup.

Simply use the endpoint http://placy:8786/api/v1/transform in the placeholder injection settings. HTTPS is not required, since all processing happens completely locally, containerized within Docker.

Placy runs on Java 17 (or newer). You can either obtain a release build, which is a ready-to-use JAR file, or build it yourself via Gradle.

You can run it using the command java -jar Placy.jar.

Connecting it to the store is as simple as providing the endpoint in the store settings.

The endpoint consists of:

http://<host>:<port>/api/v1/transform

Unless the Placy server is hosted on another machine, the host is localhost. By default, the server port is 8080 (this can be changed by using the provided .env file).

Supported file types

Archives in .zip, .tar(.gz) or .jar (bytecode) format will be unpacked, and the placeholders will be replaced in each file within. Microsoft Office documents and PDF files are also supported and will be parsed.

Full list of supported file types

Any other, unsupported file type will be treated as UTF-8 text, and placeholders will be replaced in the plain text.

Available Placeholders

All placeholders are BuiltByBit compatible.

  • %%__LIGHTSTORE__%% - "true" for all downloads through this store

  • %%__BUILTBYBIT__%% - "false"

You can use the above placeholders to determine the download source without providing two different versions of your product for both platforms.

  • %%__USER__%% - Downloading user ID

  • %%__USERNAME__%% - Downloading user name

  • %%__RESOURCE_TITLE__%% - Downloading product name

  • %%__RESOURCE__%% - Product ID

  • %%__VERSION__%% - Product version ID

  • %%__VERSION_NUMBER__%% - Product version number (code)

  • %%__TIMESTAMP__%% - Timestamp

  • %%__NONCE__%% - Unique download identifier hash
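
Because the feature is experimental and archives can arrive altered, it is worth checking a test download after enabling injection. The Python sketch below is an added example, not part of Light or Placy: it CRC-checks a downloaded .zip/.jar and reports any placeholder from the list above that was left unreplaced. It assumes a zip-based container and scans raw bytes only; the function names and sample archive contents are constructed for illustration.

```python
import io
import re
import zipfile

# Placeholder names from the "Available Placeholders" list on this page.
KNOWN = {"LIGHTSTORE", "BUILTBYBIT", "USER", "USERNAME", "RESOURCE_TITLE",
         "RESOURCE", "VERSION", "VERSION_NUMBER", "TIMESTAMP", "NONCE"}
TOKEN = re.compile(rb"%%__([A-Z_]+?)__%%")


def check_download(data: bytes) -> dict:
    """Check a downloaded .zip/.jar for damage and for placeholders left unreplaced."""
    report = {"corrupt": None, "leftover": {}}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            report["corrupt"] = zf.testzip()  # CRC-checks every member
            if report["corrupt"] is not None:
                return report
            for info in zf.infolist():
                if info.is_dir():
                    continue
                names = {m.group(1).decode() for m in TOKEN.finditer(zf.read(info))}
                if names & KNOWN:
                    report["leftover"][info.filename] = sorted(names & KNOWN)
    except zipfile.BadZipFile:
        report["corrupt"] = "<archive>"  # not readable as a zip container at all
    return report


def sample_archive(config_text: str) -> bytes:
    """Constructed sample input: a two-file product archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.yml", config_text)
        zf.writestr("README.txt", "no placeholders here\n")
    return buf.getvalue()


# What you upload versus what a buyer would receive (all values constructed).
UPLOADED = sample_archive("buyer: %%__USER__%%\nnonce: %%__NONCE__%%\n")
DOWNLOADED = sample_archive("buyer: 1042\nnonce: 3f9a1c\n")

if __name__ == "__main__":
    print("uploaded  :", check_download(UPLOADED))
    print("downloaded:", check_download(DOWNLOADED))
```

A clean test download should report no corrupt member and an empty "leftover" map; nested archives and .tar(.gz) files are outside what this sketch inspects.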