Thus spake "David Stanaway": > This wouldn't get you any additional security. > You dice hacker could just modify that code that returns the checksum. If > they used a proxy, they could even do that externally to vassal. Only way > for that to work is to use a trusted third party server with verifiable > results.
Corerct. There's no reason to believe that the checksum reported from the other side would be reliable. > I haven't heard of these cases you say of dice hacking? Are people really > doing this? Pretty despicable if they are, but there is not much you can do > about without adding to the vassal server and requiring all games to be done > in a connected mode. That is an unappetizing restriction on the use of > VASSAL. To address this problem, I'm working on a dice server which permits verification of rolls. Using it won't be mandatory, since (among other things) that would prevent people from using VASSAL offline. The VASSAL interface for it should be in 3.0; most of that code is already written. -- J.
