[MUD-Dev] strong encryption for authentication
shren
shren at io.com
Wed Jul 18 21:09:23 CEST 2001
On Sun, 15 Jul 2001, Caliban Tiresias Darklock wrote:
> On Thu, 12 Jul 2001 22:33:31 -0400, "Derek Licciardi"
> <kressilac at home.com> wrote:
*snip*
>> ShowEQ is a great example. People would setup second machines in
>> EQ to see the packets coming in and out. This revealed waay to
>> much information about the mechanics of the game in my opinion.
>> It allowed the construction of Heads Up displays that gave a
>> significant PvP advantage to those using them.
> Security through obscurity is no security at all. Assume everyone
> knows the content of every byte in every packet you send them, and
> if you don't want them to know it, don't put it in the packet. If
> the packet ends up empty, don't send it.
Don't forget the flip side here. Never assume that every action
sent by the client is a valid action. If you have a rule that an
avatar can only chuck one fireball a second, and this rule is only
enforced client side, then someone's going to hack around it, and
write a program to chuck 5 fireballs a second.
--
"For your sake, you'd better be psychic or armed."
- Jon, _Goats_
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list