[MUD-Dev] TECH: Trusting Network Clients
Arnau Rossell=?US-ASCII?Q?=F3?= Castell=?US-ASCII?Q?=F3?=
arocas at alumni.uv.es
Tue Aug 27 10:59:21 CEST 2002
Jeremy Noetzelman <jjn at kriln.com> wrote:
> Well otherwise people could manipulate the data easily, so where's
> the border line, what data should you allow the client to process?
> Any reommendations?
You should never trust the client, and only send him the data it is
supposed to know, otherwise, the game can --and will-- be
cheated. That said, you often can reach a compromise between what
you should do and what it's practical. Ideas I think can be
workable:
- Have a thread that replicates calculations from random players,
and if you find some deviation--ban him. To be effective, every
player should be scanned every so often(twenty minutes?).
- Have players perform their calculations and the calculations of
someone else. This is dangerous because a player could snoop on
the other player's data, and find things he shouldn't know, so the
data set from the other player shouldn't be enough to extract
meaningful data(it's not the same to know someone somewhere is low
on health, that someone THERE is low on health)
- Forget about the whole thing and buy a beefier server. Is really
worth the trouble and the inherent insecurity?
--
Arnau
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list