Re: [GD-General] opensource for online play
From: Mike W. <mi...@ub...> - 2003-02-10 16:57:30
Mads Bondo Dydensborg wrote:

>On Mon, 10 Feb 2003, Mike Wuetherick wrote:
>
>>We've been slowly setting up the inner workings of the network play for
>>our engine. One thing that has come up is the fact that our engine also
>>happens to be Open Source, so how do we deal with security issues for
>>hacking online games when we are giving the hackers all of our source code.
>
>This has been discussed extensively on the Linux game related mailing
>lists. The consensus seems to be that there is no way you can protect your
>game, whether closed or open, if you place any trust on the client. Open
>source in general makes it easier.

this is pretty much what we've come up with as well...somehow to make the clients a simple 'dumb terminal' that renders instructions sent to it by the server...

>>We've decided that the network side of things will be a .lib that we
>>distribute, along with the source, for people that need to recompile the
>>engine....most users don't, so this is no big deal...
>
>If you have the stuff in a single file, you actually make it easier for
>the cracker.

very good point...i'll pass that on to the programmers (i just come up with the dumb ideas and try to get them to make it work ;)

>>This still leaves us with the problem of having someone create a stub
>>exe using our network lib to create hacker tools mind you...
>
>Yes, not to mention intercepting system calls, using a scripted debugger,
>etc etc.

yeah it's not that difficult to do if you are really looking

>>Perhaps some sort of time/date stamp authentication, along with a check
>>of the exe's size (to make sure it's not hacked), etc...but overall,
>>none of these systems seem to respect our 'open source roots'...
>
>And are easily fooled both for open and closed source.

yes i would imagine, but it seems that valve and other companies do this type of thing with their games as at least a 'deterrent' type of prevention...however 'effective' it might be...

>>screens of the multiplayer maps in action -
>>http://www.uber-geek.ca/games/turing/ctf/
>
>this gives a 404.

hmm...oops
www.uber-geek.ca/games/turing/screens/ctf/

forgot a directory in there.

>>anyways...i'm curious how (if) people have managed this before, and what
>>techniques they've used to provide security for your client applications...
>
>I am sure some will have more constructive answers than mine, but I
>believe it boils down to minimizing the trust in the client.

yeah, i agree. we'll have to focus specifically on this during the initial design...

cheers,
mike w
www.uber-geek.ca
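
The "dumb terminal" idea discussed in this thread, sketched as server-side input handling. This is an added example, not part of the original message and not code from the engine under discussion; every name and constant (`Player`, `InputCmd`, `server_tick`, `server_apply_input`, `MAX_SPEED`, `MAX_BUDGET_MS`) is hypothetical. The client sends only key-state intent, and the server simulates the result against its own clock, so a modified client has nothing to lie about.

```c
#include <stdint.h>

#define MAX_SPEED     5.0f         /* units per second; assumed game rule */
#define MAX_BUDGET_MS 250u         /* cap on banked time, allows for jitter */
#define DIAG          0.70710678f  /* 1/sqrt(2): no faster diagonal movement */

/* Server-owned state; the client never writes any of it directly. */
typedef struct { float x, y; uint32_t last_seq, budget_ms; } Player;

/* All the client may send: intent, never a position or an outcome. */
typedef struct { uint32_t seq; int8_t dir_x, dir_y; uint16_t dt_ms; } InputCmd;

/* Driven by the server's own clock: credit real elapsed time, capped. */
void server_tick(Player *p, uint32_t elapsed_ms)
{
    if (elapsed_ms > MAX_BUDGET_MS - p->budget_ms)
        p->budget_ms = MAX_BUDGET_MS;
    else
        p->budget_ms += elapsed_ms;
}

/* Returns 1 if the command was simulated, 0 if it was dropped. */
int server_apply_input(Player *p, const InputCmd *c)
{
    if (c->seq <= p->last_seq) return 0;             /* replayed or stale */
    if (c->dir_x < -1 || c->dir_x > 1 ||
        c->dir_y < -1 || c->dir_y > 1) return 0;     /* malformed intent */
    /* Claims more simulated time than has really passed (speed hack). */
    if (c->dt_ms == 0 || c->dt_ms > p->budget_ms) return 0;

    float scale = (c->dir_x && c->dir_y) ? DIAG : 1.0f;
    float dist = MAX_SPEED * scale * (float)c->dt_ms / 1000.0f;
    p->x += (float)c->dir_x * dist;                  /* server computes the move */
    p->y += (float)c->dir_y * dist;
    p->budget_ms -= c->dt_ms;
    p->last_seq = c->seq;
    return 1;
}
```

Nothing here depends on the client binary being unmodified or its source being secret, which is why the same check holds for an open or a closed engine.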