[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)

Jon Leonard jleonard at divcom.slimy.com
Mon Oct 19 16:18:06 CEST 1998


On Mon, Oct 19, 1998 at 04:37:56PM -0500, Steve Sparks wrote:
> > Jon Leonard wrote:
> > > Logging the IP address of a cheat is an interesting deterrent, but in a
> > > world of dynamic IP addresses it doesn't give you anything worthwhile.
> 
> Dynamic address information can be traced to a client. If you log the IP
> you can track it to a USER ID. Just require valid non-anonymous email
> information and if your a pay service you have a credit card. 

I'm not sure what you mean by "USER ID" in this context.  In a fairly standard
ISP setup, the customer dials in to get a network connection and a single IP
address, which will typically be different for every session.  Just logging
the IP address doesn't help all that much, because the user will have a
different address next time, and the same address may be used by someone else.

If you log something about the particular instance of the client software
they're using, that's entirely different.  That serial number/email address/
credit card number is the unique ID.  The IP address isn't.

> If there is some sort of security problem like someone crashing a service
> you can use the ip to notify the ISP of the problem and since you have the
> email or credit card info they can terminiate the account. 

The ISP can usually take an (IP address,time) pair and figure out which of
their customers was responsible.  Most of the time you'll have to convince
a human being that it's a real problem to get this, though.  It's not
something you can automate to prevent in-game cheating.

An email address or credit card number may not help with the ISP, either.
Email accounts aren't hard to obtain from places like Hotmail, and the
credit card used to pay for a game can be different than what's used to
pay for network connectivity.

Having a credit card number allows an interesting extra twist, though.
If the terms of service include a surcharge for detecting attempts at
cheating, you may deter cheating, and make extra money when you do have
to deal with it.

> Before you say who is going to give out email, well most people do not
> have negative reasons for wanting to play at the start so it should not be
> a problem. If they do have a problem it is time to play on another system.

My experience has been that the most troublesome players are perfectly
capable of coming up with new, unrelated email addresses, so registration
is of limited value.  Some others on the list would know better, having
run much bigger and more recent games.

Jon Leonard




More information about the mud-dev-archive mailing list