On Nov 17, 2005, at 2:56 PM, Ron Wheeler wrote:
If the game is for money and the client side code can be hacked for
profit, you need to move more of the game engine onto the server and
only present results and table state on the client side.
Dice rolls can not be generated by the client in that case. Your
client could be easily replaced by a version of your client that lets
the player chose his own rolls which makes Backgammon not fun for the
opponent but a really lucrative way to pass an afternoon for the guy
choosing his rolls. You probably only need to chose 3 or 4 rolls
during a game to win almost every time. (An interesting test on a real
board for someone with time to kill and a friend who does not mind
losing.)
Ron
Actually, part of the roll work can be done client-side. The issue is
with the seed to any particular random number generator. One needs a
secure hash of two generated keys from the server, then using a
client-side random number algorithm with this key as the state input,
this is completely possible.
Check out my conversion of the mersenne twister algorithm for things
like this (minus the crypto part with a server). The secure hash part
is fairly easy to implement. Aside to this thread - never use
Math.random() because it's inherently insecure.
http://magicsnacks.com/shiftedpixels/?p=8
Jon Bradley
Visual Effects / Interactive / Animation
Post Central, Inc.
[EMAIL PROTECTED]
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders