From: SkyFlash <sky...@ch...> - 2002-11-04 04:40:36
|
> > The only thing I don't really like about it is > > that it relies on the client code releasing the same id it > was granted > > but that's the case with the existing code and I can't see > a sensible > > way to deisgn around that anyway. > > Sounds to me that one design solution would be to have Arianne > game-servers only form connections with 'qualified' clients. No no no.... the client code does neither book IDs nor does he release IDs, its all in the server code. The Zone does do all that stuff, the clients only deal with their own small world in which they can do whatever they want. > Maybe a clint woul dgo through a beta progaramme, and when > through, would receive a UID which it would have to provide to the > game server whenever it wanted a connection. (probably in > encrypted form - we don't wat folk spoofing the valid UIDs with > 'homebrew Arianneclients which haven't been tested) It doesnt matter if people use a homebrew client or whatever. The server holds the world, the server changes the world, the client only sees what the server wants it to. People can issue wrong commands or try to fool the server all they want, its no use. Cheating wont be possible, unless of course there are bugs. We dont need to certify clients, if people using invalid clients causes problems then the server design is fucked up. Don't even try to get it so spoofing is not possible. Thats useless. You can always spoof, whether you use SSL or SSH or whatever. You only attract the wrong people if you try to create a non-hackable trusted client environment. The client is NEVER trusted. If it issues bad commands its just not gonna work, and if its bad enough it will get disconnected. If you run a game server you can expect the following: 1. Normal clients with normal game messages (normal players) 2. Hacked clients that try to increase speed by issueing more commands, repeat commands, try to get more information from the server than normal clients, have special functions that make gameplay easier (powergamer, scriptkiddies) 3. People that DOS or DDOS game servers to slow down the speed and try to flood the server in order to duplicate items or crash the server to reset the bad things that happened to them (scriptkiddies, idiots, professional assholes) 4. People that try to hack the game servers by forging network packets, tcp headers, disconnect other players by faking logout messages, try to issue commands to make the server do unusual or illegal things to gain an advantage, have fun or just to be a pain in the ass (most intelligent and worst kind of players, cause they usually know what they are doing and its hard to make it stop) So, the server better deals with all those people, else it will die very fast. SkyFlash |