1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Nel] open source MMORPG and hacks/cheats question (probably off topic)</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:alfred%40mazuma.net.au">
<LINK REL="Previous" HREF="000819.html">
<LINK REL="Next" HREF="000822.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Nel] open source MMORPG and hacks/cheats question (probably off topic)</H1>
<B>alfred</B>
<A HREF="mailto:alfred%40mazuma.net.au"
TITLE="[Nel] open source MMORPG and hacks/cheats question (probably off topic)">alfred@mazuma.net.au</A><BR>
<I>Sun, 16 Dec 2001 22:20:56 +1100</I>
<P><UL>
<LI> Previous message: <A HREF="000819.html">[Nel] open source MMORPG and hacks/cheats question (probably off topic)</A></li>
<LI> Next message: <A HREF="000822.html">[Nel] open source MMORPG and hacks/cheats question (probably
off topic)</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#820">[ date ]</a>
<a href="thread.html#820">[ thread ]</a>
<a href="subject.html#820">[ subject ]</a>
<a href="author.html#820">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>I have nothing to do with the nevrax team but I know the answer to this.
To put it simply, there is not security in obscurity. The protection
isn't in the alogrithm, its in the "secret" that is shared. This axiom
has been proved time and again, just look at the troubles windows has
with its codebase... The lack of published source code ain't helping them.
I am not sure what security model nel will adopt but there are many to
choose from and none suffer from the openness of the protocol. You could
sign the client binaries with a public/private key pair. This stops
trivial hacks. You would also run a secure game server which does bounds
checking on the input, this stops obvious hacking. You can also encrypt
the client->server data stream. Fundamentally you are in trouble because
the client is a generalised computing machine which the user has
complete control over, if they have the machine code they can crack it,
but you can make it damn hard. You can also make any hack shortlived by
having dynamic binaries. The open source nature of nel only makes it
more secure as any flaws or bugs in the implementation will be spotted
and solved, rather than being exploited (many eyes make bugs shallow).
:<i>)
</I>
Alexander Denisov wrote:
><i> Hi to everybody, I think this is my first time posting on the mailing list.
</I>><i>
</I>><i> I was thinking lately about GPL/open source discussion, and one question
</I>><i> still bothers me: hacks and cheats in MMORPG.
</I>><i>
</I>><i> I have seen a couple of times when hacks/cheats ruined great games
</I>><i> (and I do believe that Nevrax is doing a very good game), since online
</I>><i> gameplay is very sensitive to such things.
</I>><i>
</I>><i> By publishing source code of the game, isn't it like giving a "green light"
</I>><i> to hackers? Are there any ways
</I>><i> somehow to prevent (or at least try to prevent) hacks and cheats, even if
</I>><i> hacker
</I>><i> knows the source code? Can the game company keep the network part of their
</I>><i> game in secret
</I>><i> (though I don't see how, since its clearly using NeL in this case).
</I>><i>
</I>><i> I appologise if my question is completely unrelated to NeL and Nevrax game,
</I>><i> since all the details are kept in secret, but I think that this is very
</I>><i> important question.
</I>><i>
</I>><i> By the way, thanks for the great engine! (though I'm still trying to compile
</I>><i> it)
</I>><i>
</I>><i> Alex
</I>><i>
</I>><i> _______________________________________________
</I>><i> Nel mailing list
</I>><i> <A HREF="mailto:Nel@nevrax.org">Nel@nevrax.org</A>
</I>><i> <A HREF="/mailman/listinfo.cgi/nel">/mailman/listinfo.cgi/nel</A>
</I>><i>
</I>
--
Alfred Reynolds
<A HREF="mailto:alfred@mazuma.net.au">alfred@mazuma.net.au</A>
</pre>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI> Previous message: <A HREF="000819.html">[Nel] open source MMORPG and hacks/cheats question (probably off topic)</A></li>
<LI> Next message: <A HREF="000822.html">[Nel] open source MMORPG and hacks/cheats question (probably
off topic)</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#820">[ date ]</a>
<a href="thread.html#820">[ thread ]</a>
<a href="subject.html#820">[ subject ]</a>
<a href="author.html#820">[ author ]</a>
</LI>
</UL>
</body></html>
|