[Nel] open source MMORPG and hacks/cheats question (probably off topic)

[alfred]

I have nothing to do with the nevrax team but I know the answer to this. 
To put it simply, there is not security in obscurity. The protection 
isn't in the alogrithm, its in the "secret" that is shared. This axiom 
has been proved time and again, just look at the troubles windows has 
with its codebase... The lack of published source code ain't helping them.

I am not sure what security model nel will adopt but there are many to 
choose from and none suffer from the openness of the protocol. You could 
sign the client binaries with a public/private key pair. This stops 
trivial hacks. You would also run a secure game server which does bounds 
checking on the input, this stops obvious hacking. You can also encrypt 
the client->server data stream. Fundamentally you are in trouble because 
the client is a generalised computing machine which the user has 
complete control over, if they have the machine code they can crack it, 
but you can make it damn hard. You can also make any hack shortlived by 
having dynamic binaries. The open source nature of nel only makes it 
more secure as any flaws or bugs in the implementation will be spotted 
and solved, rather than being exploited (many eyes make bugs shallow).

:)




Alexander Denisov wrote:

> Hi to everybody, I think this is my first time posting on the mailing list.
> 
> I was thinking lately about GPL/open source discussion, and one question
> still bothers me: hacks and cheats in MMORPG.
> 
> I have seen a couple of times when hacks/cheats ruined great games
> (and I do believe that Nevrax is doing a very good game), since online
> gameplay is very sensitive to such things.
> 
> By publishing source code of the game, isn't it like giving a "green light"
> to hackers? Are there any ways
> somehow to prevent (or at least try to prevent) hacks and cheats, even if
> hacker
> knows the source code? Can the game company keep the network part of their
> game in secret
> (though I don't see how, since its clearly using NeL in this case).
> 
> I appologise if my question is completely unrelated to NeL and Nevrax game,
> since all the details are kept in secret, but I think that this is very
> important question.
> 
> By the way, thanks for the great engine! (though I'm still trying to compile
> it)
> 
> Alex
> 
> _______________________________________________
> Nel mailing list
> Nel@nevrax.org
> /mailman/listinfo.cgi/nel
> 


-- 
Alfred Reynolds
alfred@mazuma.net.au