[Nel] open source MMORPG and hacks/cheats question (probablyoff topic)

Mon, 17 Dec 2001 12:07:37 +0100

At Nevrax our thoughts run as follows:
+
+Game clients are very easy to reverse engineer or hack on a PC.
+Server/ Client data packets are even easier to hack.
+
+We assume that whether the source code for the client is open or closed, it
+will inevitably be modified.
+
+The only way to avoid cheating is to take all game sensitive decisions
+server-side and to treat client as a kind of dumb terminal. This has
+implications throughout the game design.
+
+For instance, to avoid a hack from making invisible players visible, it is
+up to the servers not to transmit update information for invisible players
+to the clients. This means that invisible players can not make 3d-positional
+noises as this would give an exploitable piece of information.
+
+The front end servers clearly have to be robust too which means that all
+incoming data from the clients is treated with caution - packets containing
+invalid data are simply ignored.
+
+
+In a nutshell - we assume that servers are trustworthy and that clients are
+not.
+
+
+Daniel.
+
+-----Original Message-----
+From: nel-admin@nevrax.org [mailto:nel-admin@nevrax.org]On Behalf Of
+Vincent Caron
+Sent: Sunday, December 16, 2001 7:13 PM
+To: nel@nevrax.org
+Subject: Re: [Nel] open source MMORPG and hacks/cheats question
+(probablyoff topic)
+
+
+There's a bit more than the 'security through obscurity' debate in this
+question. It is actually more a question of trust, or if you prefer,
+_what_ or _who_ needs to be secured ? The game ? The player moves ? The
+server knowledge ?
+
+Eric S. Raymond (with a nice link to Carmack's tought about this) did a
+nice essay, back to the time where 'cheating drivers' (making walls
+transparent) were about to be unveiled for FPS games :
+
+http://www.tuxedo.org/~esr/writings/quake-cheats.html
+
+
+_______________________________________________
+Nel mailing list
+Nel@nevrax.org
+http://www.nevrax.org/mailman/listinfo.cgi/nel
+
+
+