to list as well.

---------- Forwarded message ----------
From: David Gerard <[EMAIL PROTECTED]>
Date: 20 Apr 2008 12:25
Subject: Re: Writing a secure client/server with open source
To: edA-qa mort-ora-y <[EMAIL PROTECTED]>
On 20/04/2008, edA-qa mort-ora-y <[EMAIL PROTECTED]> wrote:
> Andy wrote:
> > The general consensus is "The attacker already knows the algorithm" thus
> > revealing the source should not be a problem. Compilation is NOT a
> > secure way of hiding something anyway.
>
> I agree, but at least it prevents casual abuse of the server. That is,
> a bit of obfuscation is likely enough to rid the game of the majority
> of cheaters or abusers. I agree it does nothing to deter the hardcore
> attacker.

It does nothing to stop them either, because their code can be copied and used by others.

"Secure client" is fundamentally an oxymoron. See http://en.wikipedia.org/wiki/Trusted_client (which I rewrote a while ago to try to explain this simple point which nevertheless consistently evades people). You can't give people the secret and also keep it from them - it's *impossible*.

If you want this to work, you have to make the *protocols* proof against cheats, e.g. only allowing a certain number of actions per time or whatever. Come up with a protocol that would still work if every single player had a copy of the protocol and could implement an optimal bot client for it ... because that's what they can do anyway.

- d.
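
The "certain number of actions per time" idea from the message above, as an added example that is not part of the original e-mail: a server that enforces a per-player action budget on its own clock, so a bot client gains nothing by sending faster or forging timestamps. The class, function and field names and the rate numbers are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # actions the player may still perform right now
    last: float     # server time of the previous request


class ActionServer:
    """Authoritative server: `burst` actions at once, refilled at `rate`/second."""

    def __init__(self, rate=2.0, burst=4, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}

    def handle(self, player, message):
        # `message` comes from an untrusted client. Only the server clock is
        # used; a client-supplied "timestamp" field is deliberately ignored.
        now = self.clock()
        b = self.buckets.setdefault(player, Bucket(float(self.burst), now))
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens < 1.0:
            return False          # over budget: the action is not applied
        b.tokens -= 1.0
        return True


def simulate(actions_per_second, seconds=10, rate=2.0, burst=4):
    """Accepted-action count for one client, driven by a fake server clock."""
    server_time = [0.0]
    server = ActionServer(rate, burst, clock=lambda: server_time[0])
    accepted = 0
    for i in range(int(actions_per_second * seconds)):
        server_time[0] = i / actions_per_second
        # Constructed sample message; the timestamp is forged far ahead.
        message = {"type": "fire", "timestamp": i * 1000.0}
        if server.handle("player-1", message):
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("normal client, 2 actions/s:", simulate(2))
    print("bot client, 100 actions/s: ", simulate(100))
```

The bot's ceiling is `burst + rate * seconds` whatever code it runs, which is the property the message asks the protocol to have.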
