Re: securing web based game

["Tomas" <tomasg () extra lt>]

As far as I understood from your post, whenever game runs on a client-side
and server just receives final data from client, there always will be a
possibility to cheat. However, I want to _reduce_ that possibility to
minimum. The game is something like an online shooter, so using direct
connection or everytime verifying if target was hit isn't a good idea,
because lag can occur. Nobody likes it :) So session ID + algorithm is the
best idea so far. Isn't it?


Tomas


----- Original Message -----
From: "Adam [ckkl]" <ckkl () poczta wp pl>
Sent: Monday, December 23, 2002 2:12 AM
Subject: Re: securing web based game


> > > let the server (instead of client) decide about the points
> > Much better, but still not good enough. The server will need some
> > informations to calculate the gamepoints from and here we are again.
> >
> > Live with the certrainty that a gamer with to much time to spare will
> > crack any system and concentrate on the gameplay instead.
>
> I would say that as far as server does everything and there's no
> "Joshua" hardcoded - it may be a quite safe solution
> what I meant above is that the server does the business logic
> and client is just a layer for presentation [a common solution
> nowadays]
>
> I agree of course, that there's always a way to cheat
> it just depends strictly on what kind of game it is
> for interactive games - it's virtually possible to write
> a bot to analyze server's sequence of data and to answer
> with a perfect match [f.ex. sequence of keystrokes to
> find a way out of a maze],
> for gambling ones /BJ, roulette, etc./ things are random
> and if done on the server, you are unable to do anything,
> because all you see is just the results
>
> hmm what a fascinating topic...
> going to find some online casino
> there must be some flaws :-PPPP
>
> Just my 5 bolivars...
> Best regards
> Adam