|
|
|
|
 |
August 12th, 2004, 06:31 PM
|
 |
Shrapnel Fanatic
|
|
Join Date: Oct 2003
Location: Vacaville, CA, USA
Posts: 13,736
Thanks: 341
Thanked 479 Times in 326 Posts
|
|
Re: Mumbling about MP security
Quote:
Hmmm, frankly I still want to jump you case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass. 
|
My answers are not Johans. He is already looking at it.
Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)
__________________
-- DISCLAIMER:
This game is NOT suitable for students, interns, apprentices, or anyone else who is expected to pass tests on a regular basis. Do not think about strategies while operating heavy machinery. Before beginning this game make arrangements for someone to check on you daily. If you find that your game has continued for more than 36 hours straight then you should consult a physician immediately (Do NOT show him the game!)
|
August 12th, 2004, 06:55 PM
|
 |
First Lieutenant
|
|
Join Date: Mar 2004
Location: CA
Posts: 744
Thanks: 0
Thanked 1 Time in 1 Post
|
|
Re: Mumbling about MP security
Quote:
Quote:
Hmmm, frankly I still want to jump you case about it Gandalf, since I don't see the server-side gem tracking to be such a huge problem to implement, but I'll let it pass.
|
My answers are not Johans. He is already looking at it.
|
Good to hear this.
Quote:
Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)
|
Heh. Between hackers and programers, all interested at the same goal, some good security ideas could be developed...
|
August 12th, 2004, 07:46 PM
|
 |
Private
|
|
Join Date: Jul 2004
Location: Edmonton, AB
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: Mumbling about MP security
Quote:
Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)
|
Absolute security may not be possible, but, as described above, client hacks can be eliminated by simply passing the client a partial copy of the game state, with the client only returning a list of orders to the server. Then it doesn't matter what you do to the client, the server processes the orders against the true game state. If you screw around with the client or the information passed to the client, then you'll only be hurting yourself as your orders won't map properly to the true game state. |
August 12th, 2004, 08:29 PM
|
|
First Lieutenant
|
|
Join Date: Mar 2004
Location: CA
Posts: 744
Thanks: 0
Thanked 1 Time in 1 Post
|
|
Re: Mumbling about MP security
Quote:
Quote:
Part of the problem is that this is a forum full of programmers to whom nothing is impossible. And Im more hacker to whom no absolute security is considered possible. But I should stop arguing the points to allow for placebos if nothing else. (insert truly evil smiley here)
|
Absolute security may not be possible, but, as described above, client hacks can be eliminated by simply passing the client a partial copy of the game state, with the client only returning a list of orders to the server. Then it doesn't matter what you do to the client, the server processes the orders against the true game state. If you screw around with the client or the information passed to the client, then you'll only be hurting yourself as your orders won't map properly to the true game state.
|
Yeap, that's what I had in mind as well. I said earlier when I quoted "the client is in the hands of the enemy" mantra, all importent tasks should be performed only by the server, and the server should keep in mind state of the previous turn (or even several turns, for additional security checks). Than, *as long as server is not compromised*, such sustem is practically impossible to hack from the client side, with hex edit or anything else. And I am sure Mose (as well as other people with good technical knowledge who may decide to run public servers for the Dom2 community in the future) can protect well his server from being hacked directly, that would become nesseserly to do in order to hack various Dom2 hosts that are being run on his computer. In any case such hack would be much more complex and difficult to pull of, that the current mostly client-centered system, and IMHO very unlikely to be developed at all. Remeber, after all the probability of new hack being developed is directly proportinal to the size of the players community. And unlike Blizzard's MP games, Dom2 have 1000 times smaller audience, therefore the apperance of very complex server based hacks, that would also require server's security to be breached in order for them to work, IMHO extremely unlikely.
|
August 12th, 2004, 09:44 PM
|
|
Sergeant
|
|
Join Date: Sep 2003
Location: Norway
Posts: 346
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: Mumbling about MP security
Quote:
And Im more hacker to whom no absolute security is considered possible.
|
Oh, it's quite possible to make a computer program without any security flaws - the tricky thing is <i>knowing</i> that there aren't any security flaws in it. :-p
__________________
"Freefall, my old nemesis! All I have to do is activate my compressed gas rocket boots and I will cheat you once again! Belt control ON!…On?" [i]Othar Trygvasson[i]
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is On
|
|
|
|
|
Hybrid Mode