[MUD-Dev] TECH: Trusting Network Clients

Nicolai Hansen nic at aub.dk
Tue Aug 27 11:00:10 CEST 2002


Fox wrote:

> I lately started planning a graphical MUD and I hope it would work
> so far. But I came across the question to trust the client data or
> not. Of course it would be secure if the server just does
> *everything* but I think this would afford a tremendously server
> power. Well otherwise people could manipulate the data easily, so
> where's the border line, what data should you allow the client to
> process? Any reommendations?

The client could have its own item database (not with item stats,
only with descriptions etc), and the client could display those.
The client could manage all movement 'inside' the characters and
monsters ('inside' being a bad word meaning 'movement of arms,
hands, feet, etc').

And that's as far as I would go. Games like Anarchy Online obviously
allow the client to manage duration on spell effects, health and
character positions as well (server is still managing these too,
guess its a bandwith issue). Without too much luck (quite often
these are out of synch with the server resulting in some very
strange incidents).

I would never trust any client to keep control of game sensitive
things.  It WILL be hacked, and someone WILL give themselves
unlimited hitpoints :)

-Nic


_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev



More information about the mud-dev-archive mailing list