[GD-General] opensource for online play
Brought to you by:
vexxed72
From: Mike W. <mi...@ub...> - 2003-02-10 10:12:47
|
Hey all. We've been slowly setting up the inner workings of the network play for our engine. One thing that has come up is the fact that our engine also happens to be Open Source, so how do we deal with security issues for hacking online games when we are giving the hackers all of our source code. We've decided that the network side of things will be a .lib that we distribute, along with the source, for people that need to recompile the engine....most users don't, so this is no big deal... This still leaves us with the problem of having someone create a stub exe using our network lib to create hacker tools mind you... i've considered having some kind of 'GUID' or 'security passcode' that the game needs to validate, almost like the WonID system, only for the game itself, before the game server lets the client connect... Perhaps some sort of time/date stamp authentication, along with a check of the exe's size (to make sure it's not hacked), etc...but overall, none of these systems seem to respect our 'open source roots'... My company is moving into the position of being the sole administrators of the 'master servers' for the entire engine, as such as are setting up the master servers, chat/lobby servers and the like, as well as providing game server hosting for developers that are looking for affordable game server hosting (and publishing)...anyways.. i'd like to balance somehow the security issues (which proprietary closed source games can't seem to handle, let alone open source ones) with the open source traditions of our engine. any suggestions on ways to proceed? the GUID seems to be the most common sense method, but anyone with a hexcode reader can grab the GUID (and any kind of 'hard-coded' password that we include in the exe) and defeat the system... anyone else been through this before and come up with any solutions? the engine is called 'reality factory' - site is at http://rfactory.uber-geek.ca screens of the multiplayer maps in action - http://www.uber-geek.ca/games/turing/ctf/ anyways...i'm curious how (if) people have managed this before, and what techniques they've used to provide security for your client applications... cheers mike w www.uber-geek.ca |