My server is an RB app using a ServerSocket as the way in... If I
recall, ServerSocket can't listen in SSL mode...?

Never used rotating keys... Would the theory be to use the session ID
as an encryption key? I'm already compressing the data, so that
wouldn't be a stretch to add.

I'll rethink where I'm at over the weekend and move more logic to the
server. At least at this stage it seems the only issue regarding
cheaters would be the banana awards, and those are very small routines,
so filtering that from the server-side shouldn't be a problem. I've
also been using Joe's Renegades code as my base engine, so changing
stuff (which I do often) is proving relatively painless.

On Dec 31, 2004, at 2:40 PM, Phil Mobley wrote:

> On Dec 31, 2004, at 10:07 AM, LMSpam at neuropop dot com wrote:
>
>> Anyway...... shooting people is really for fun rather than points.
>
> OK. I had a thought... you can have people shoot rubber-bands and
> throw paper airplanes at each other (of course the paper airplanes
> would have random flight paths).
>
>> however, I *can* see that if I implement a ratings program where you
>> can award people, songs, or artists banana points, gaming and hacking
>> the protocol could become an issue...
>
> With MMORPG games, a person could build up their character very fast
> by cheating like this. Since they can do whatever they want without
> consequences, they usually start attacking other players. And since
> the other players worked hard to get where they are, they get very
> upset when a cheater comes along.
>
> If players can get ahead in your game by cheating, then you might want
> to consider what I wrote before.
>
>> The site has an "ignore this user" feature which should be easily
>> ported, and I also have a "cookie"-like security system, so each time
>> you log in the server sends back a session ID. Then *every* time you
>> issue a command you have to send this session ID along with your
>> log-in email address to verify who you are.
>
> You don't need to do this.
>
> That is a lot of data being transmitted back and forth. You only
> really need the session ID to identify the sender. But I would use
> the SSLSocket (if you have the Pro version of RB) to automatically
> encrypt your data. If you don't, then you can use a rotating key
> encryption system.
>
>> So in theory, the only people on the system would be logged in,
>> registered users, and so by extension, they should be easily smacked
>> down (so long as others reported any abuse...), right???
>
> Sure, but it is better to avoid the situation before it becomes a
> problem. But encrypting the network data would also prevent a lot of
> cheaters.

_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
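
Added example (not part of the original messages, and written in Python rather than REALbasic): the session-ID-only identification and server-side filtering of banana awards discussed in the thread. The class and method names, the timeout and the cooldown are assumptions made for illustration, and the password check that precedes open_session is outside the example.

```python
import secrets
import time

SESSION_TTL = 1800      # assumed idle timeout, in seconds
AWARD_COOLDOWN = 60     # assumed: one award per giver/target pair per minute


class GameServer:
    def __init__(self, registered):
        self.registered = set(registered)   # constructed sample accounts
        self.sessions = {}                   # session ID -> (email, last seen)
        self.points = {}                     # email -> banana points
        self.last_award = {}                 # (giver, target) -> time of last award

    def open_session(self, email, now=None):
        """Called after the login check succeeds; returns the session ID."""
        now = time.time() if now is None else now
        if email not in self.registered:
            return None
        sid = secrets.token_urlsafe(32)      # unguessable, so it identifies the sender alone
        self.sessions[sid] = (email, now)
        return sid

    def _sender(self, sid, now):
        """Map a session ID to its user, expiring idle sessions."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        email, last_seen = entry
        if now - last_seen > SESSION_TTL:
            del self.sessions[sid]
            return None
        self.sessions[sid] = (email, now)
        return email

    def award_banana(self, sid, target, now=None):
        """The client names only the target; giver and amount are decided here."""
        now = time.time() if now is None else now
        giver = self._sender(sid, now)
        if giver is None:
            return "rejected: not logged in"
        if target not in self.registered or target == giver:
            return "rejected: invalid target"
        if now - self.last_award.get((giver, target), float("-inf")) < AWARD_COOLDOWN:
            return "rejected: too soon"
        self.last_award[(giver, target)] = now
        self.points[target] = self.points.get(target, 0) + 1
        return "ok"
```

Because the server looks the giver up from the session ID and fixes the amount itself, a modified client cannot name another user as the giver or choose how many points an award is worth.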