right, and im the pope [smile].

Alright, produce some code that is 100% secure and will never ever be hacked. Then post the exe on GameDev in the Lounge. I'm willing to bet that your exe will be comprimised in under an hour, and we're not even "professional" hackers.

Absolutely no method is 100% secure. At all.

ronfist you do realize that if you have to resort to insults you have pretty much lost your argument.

theTroll

P.S. I start programming in 1978, I made a few games for the TRS 80 and even got paid for them. In 1984 I joined the Air Force as a Programmer, we worked in ada. I tought myself C and convensed my Captain that it would be better for what we were doing. Years later I earned c++ and object orriented coding and slowly we went that way. I left the Air Force in 1994. I went to school for a few Years before getting a job with Aatrix Software. In 2000 I moved and got a job with Comapq,, I worked there until 2003 went I went to Embarcadero Technology. I stayed with them for just over a year before I got sick. Well now you have my resume. How about yours?

Quote:

Original post by TheTroll I don't want any of you to think this is a flame or an insult but do you think you are the best and most inteligent developers ever? People have been trying to prevent hacking from the very begining, it has NEVER stopped hackers. Yes I am sure there are possible ways of slowing them down and there might even be a way or two of stopping them. But everything has a cost. There are hardware solutions that can prevent hacking, expensive. You could do all kind of network games to try to stop them, but they can intercept the network traffic, do what ever they want to with it and then pass it on to your game. Yes they can even do this on the machine they are on. Because you have no control of the packets after you send them you don't know what the end user is going to do with them. They could prevent all your speacil updates and even send messages back saying that everything is ok. You can NEVER trust the client. Anything you come up with can and will be hacked. It is not because you are not good at what you are trying to do, it is not becuase your ideas are not good, it is because there are a lot of them, and they have lots of time. theTroll

I don't think we should turn this into a flame thread, we had a nice discussion going earlier. I don't think I am the greatest developer ever, but do I need to be the greatest ever to come with ideas and suggestions on how to prevent hacking?

I am fully aware, and I am sure ronkfist is as well, that everything can and will be hacked (if people see a benefit in doing so). But should that discourage us from at least trying to come up with new and innovative ways to delay / prevent hacking? If so, why?

We were just discussing an idea that ronkfist had, I haven't seen it used by any commercial game yet so it could be worth a shot.

And as for never trusting the client, I agree. But even if you only send limited data to the client there are still cheats that can be made, bots in particular, which I think the solution ronkfist suggested could help prevent or at least delay. Also since the exe will be updated rather often, security measures can be taken when bots are released to the public and updated into the client to prevent further usage of such a program.

Personally I am still going to an university for my Master degree and I am most interested in listening to people with experience. So if you have some relevant feedback, perhaps you can poke holes in this idea or improve on it I would be most interested. But if you are just going to tell us how stupid we are for discussing it I don't really care if you have no years or 25 years of experience.

I never said that it was not a good idea, although I feel that for what you get out of it, you would put too many resources into it. What I keep saying is with current technology you are going to be hacked. Hackers don't do it just for benifit, they do it for fun. It is a chalange, something to pit yourself against. I have learned that everything is cost-benifit, although the system presented would help on slowing hackers down, does the cost of developing outway the benifit you are going get?

theTroll

Quote:

Original post by BeiderSo if you have some relevant feedback, perhaps you can poke holes in this idea or improve on it I would be most interested. But if you are just going to tell us how stupid we are for discussing it I don't really care if you have no years or 25 years of experience.

Actually, he said it would be largely futile, not that you're stupid. In any case, I agree with Evil Steve - the holes will most likely be poked in a when there's a binary that can be altered. Until there's something to play with, there's very little way to actually poke holes in it.

Is everybody done waving their genitals about? Can we go back to making games? Oh and for the record, Try making your client source available. Then you really have to think about how you implement the server. I know. I have an open source client. Hell, my server code is open source too. Its probably full of holes that were created by dumb mistakes but its a learning experience, but that's another issue.

Personally I want people to hack my client and make it do cool shit I never would have thought of. The greatest example I can think of in terms of an open client system is web browsers. Web servers know the client can't be trusted so your only choice is to secure the server. Despite living in the land of untrusted clients we still have all sorts of neato keen stuff out there online. Websites get hacked because the server wasn't secure, or social engineering (phishing), not because OMG Ponies! the client got all warezed up.

OK, I just re-read my post and I sound like a ranting asshole. Sorry about that, try not to take it personally.

Quote:

Original post by TheTroll I never said that it was not a good idea, although I feel that for what you get out of it, you would put too many resources into it. What I keep saying is with current technology you are going to be hacked. Hackers don't do it just for benifit, they do it for fun. It is a chalange, something to pit yourself against. I have learned that everything is cost-benifit, although the system presented would help on slowing hackers down, does the cost of developing outway the benifit you are going get? theTroll

Personally I didn't really think of the cost of implementation of such a system though, I'm quite sure it would take some time to develop. I don't think maintainance of such a system will be very expensive though once it is in place, except if you have to update your code and add new security features to counter new hacks. But if we assume this is for an MMO as this security feature probably would be best used for MMOs, there should at least be a few guys working on security issues anyway for an MMO. And also the revenue streams of some of the larger MMOs can certainly fund such a development. But of course we do not have their revenue streams, but either way I think it is an interesting idea.

The strongest point I see about it is the fact that the security can be upgraded transparent from the users (no patches to download) and suddenly their bots and what not will stop working. If you are a bit creative in making comprehensive changes to your security system once in a while, or have a bunch to switch between then you might be able to keep hackers in check for a while.

Quote:

Actually, he said it would be largely futile, not that you're stupid. In any case, I agree with Evil Steve - the holes will most likely be poked in a when there's a binary that can be altered. Until there's something to play with, there's very little way to actually poke holes in it.

You are right, I apologize for misreading it. I just sat with the general feeling after reading some posts that we were labled as stupid just for wanting to discuss it. And you are also probably right that discussing this further will do us no good unless someone comes up with something new. I'll see if I get time to put together a test program for this because it seems quite interesting, that is if ronkfist doesn't do it first.

As for the cost, because you would have to keep patching the hacks that people came up with you would be in consent developement. So you would have to have all the devs and testers. This is not a cheap process. You would need to have a revenue stream to maintain that.

theTroll

Quote:

Original post by TheTroll I never said that it was not a good idea, although I feel that for what you get out of it, you would put too many resources into it. What I keep saying is with current technology you are going to be hacked. Hackers don't do it just for benifit, they do it for fun. It is a chalange, something to pit yourself against. I have learned that everything is cost-benifit, although the system presented would help on slowing hackers down, does the cost of developing outway the benifit you are going get? theTroll

What I don't understand is that with all the experience you got, with the thousands of methods you have researched, you were unable to find a hole in my idea. (is the idea I have one of the thousand methods you researched?)

Seriously, find a way and I'll say I was wrong, but uptill now you've been saying the same thing over and over.

Did someone ever try to explain a catholic that God doesn't exist? I tried and this feels the same way. It's like you are talking to a wall, they hold on to their belief as if they are afraid of something... .

I don't care about the cost-benefit, this is indeed not an easy solution, but else what's the challenge?? How can you enjoy programming if you are not innovative?