Hmm...
My web site is really like a cross between Friendster, Match.com, and
2nd Life but with a heavy emphasis on matching people based on their
musical preferences. I also let artists sign up and post songs for
free, so there's a lot of them posting songs and trying to find new
fans. (My dream is to one day have enough people so I can go traveling,
wake up in some random city, sign on and find locals who can tell me
where the best local bands are playing), and the new interface is a
virtual world implementation of the site.
Anyway...... shooting people is really for fun rather than points.
however, I *can* see that if I implement a ratings program where you
can award people, songs, or artists banana points, gaming and hacking
the protocol could become an issue...
The site has an "ignore this user" feature which should be easily
ported, and I also have a "cookie"-like security system, so each time
you log in the server sends back a session ID. Then *every* time you
issue a command you have to send this session ID along with your log-in
email address to verify who you are. So in theory, the only people on
the system would be logged in, registered users, and so by extension,
they should be easily smacked down (so long as others reported any
abuse...), right???
BTW - I'm going into an eeeeaaaaaaarly alpha soon if anyone feels like
testing...?
L
On Dec 31, 2004, at 1:06 PM, Phil Mobley wrote:
On Dec 31, 2004, at 8:29 AM, LMSpam at neuropop dot com wrote:
I'm working under this assumption right now...
Player A shoots Player B and sends a message to the server this has
happened.
The server simply echoes "<cmd>SHOT</cmd><data><who>Player
B</who><by>Player A</by></data>" to all connected machines who then
can either deal with the message or ignore it.
My assumption is that it's better to have the client machines do the
parsing and decision making, and leave the server primarily as
broadcast communications hub...?
I do not know if this matters to you or not...
The more you permit the client to control the game play, the more
likely it can get hacked. This has been a big problem with MORPG
industry, so it is usually best to start out with the server handling
all of the logic.
It is not even about hacking your executable/app, but just the network
protocol. All I need to do is learn how you send your commands to the
server and then send the commands that I want. Looking at your
example above, it would be a piece of cake to write another app.
Then while I am playing your game, and someone makes me mad so I put
their name in my app and send the command to your server -- I could
kill them without even being in close proximity to their character (if
the server let me). I could also send commands like "give me 100000
gold" or "increase strength +3" and so on.
So it is best if you limit the commands to the client (move here,
shoot there, click this) and then return the results (discovered trap,
missed, got lightning gun). It would have a higher server load, but
would be worth it.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
|