Hi, after the registration of recipes has changed by forge, transporting script from server would never valid, so an obvious security problem followed, some leeches search Ready-made script from other similar server, by downloading there (public)client, then integrating to a modpack or client, even naming it "Characteristic integration".（or pirate other's script was immoral）

So, I think we'd better find a way to prevent script from unfriendly duplicate, but I've no idea about how to dev a mod except some useless suggestion.

Have anyone met a similar problem?

Maybe we cloud condense the script to a Encrypted zip, and ensure each script, in zip packet, has function to communicate with server, if could not pass the check, breaking the connection?

I've thought about this a lot, there is no good way to do this. The encryption key can just be gotten from the decompiled jar file.

Maybe have the key in the server configs, and then the server sends it to the client?

I was thinking of sending the key to the client. (I'm assuming the client does need a copy of the scripts in their configuration, because if they're server-side only, what's the problem?)

well the scripts are ran during Register, and are only processed between then and before the main menu appears (because of JEI, we need to run before JEI caches the recipes), so by the time the player can connect to the server, it is already too late to run the scripts.

If you want to talk more about this, you can join my discord and we can discuss it there. http://discord.blamejared.com

Alas, I can't do Discord right now (no mike). But if I understand what you're saying, that means you can't do per-world (that is, per server) scripts at all, they have to be fixed for each profile. Is that right?

Correct, scripts are ran before the main menu, so the player doesn't really have a choice there, also when I suggested discord, I more meant for the text aspect of it.

ok, but is there has anyway can make CT download scripts from a remote server before the register period?