You would not worry about someone being able to hack the client and
modify the roll generation to allow the player to choose the desired
roll and then send it (or the play result - move) to the server or just
substitute the client with a client that lets rolls be specified?
I am less worried about hacking the random number generator since if you
want a double five it is going to be easier to specify that than to go
to the trouble of specifying a random number that is going to generate a
double six roll.
I think that you want all play that should not be under control of the
player to be done on the server. That way, there is no chance of a rogue
client beating the system.
Ron
Jon Bradley wrote:
On Nov 17, 2005, at 2:56 PM, Ron Wheeler wrote:
If the game is for money and the client side code can be hacked for
profit, you need to move more of the game engine onto the server and
only present results and table state on the client side.
Dice rolls can not be generated by the client in that case. Your
client could be easily replaced by a version of your client that lets
the player chose his own rolls which makes Backgammon not fun for the
opponent but a really lucrative way to pass an afternoon for the guy
choosing his rolls. You probably only need to chose 3 or 4 rolls
during a game to win almost every time. (An interesting test on a
real board for someone with time to kill and a friend who does not
mind losing.)
Ron
Actually, part of the roll work can be done client-side. The issue is
with the seed to any particular random number generator. One needs a
secure hash of two generated keys from the server, then using a
client-side random number algorithm with this key as the state input,
this is completely possible.
Check out my conversion of the mersenne twister algorithm for things
like this (minus the crypto part with a server). The secure hash part
is fairly easy to implement. Aside to this thread - never use
Math.random() because it's inherently insecure.
http://magicsnacks.com/shiftedpixels/?p=8
Jon Bradley
Visual Effects / Interactive / Animation
Post Central, Inc.
[EMAIL PROTECTED]
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
