Coding network with security in mind


kronholm(Posted 2007) [#1]
So I guess it's a good idea to do that, always keep the security of things in mind. Maybe thinking something along the lines of any value in the client can and will be hacked/changed by someone to cheat.

What are some of the most common things you run into when coding network with regards to security?

Is there any way or technique to prevent users from changing variable values in memory? For instance change a highscore that's about to be sent to a highscore server, granting the cheater a 1st place? Storing it rc4 encrypted in the variable maybe?


ImaginaryHuman(Posted 2007) [#2]
It's a losing battle to even bother doing it. If people are intent on hacking and cheating they will find a way around whatever you do. At best you can only deter the less savvy user, and the less savvy user is not likely the one who is going to hack.


kronholm(Posted 2007) [#3]
That's what I'm talking about, I want to prevent the script-kiddie sort of stuff from happening, like changing variables in memory and such. I am fully aware that anything can and will be hacked, but if I can prevent the simple stuff, that's always a small step.


FlameDuck(Posted 2007) [#4]
> Is there any way or technique to prevent users from changing variable values in memory?

No.

> For instance change a highscore that's about to be sent to a highscore server, granting the cheater a 1st place?

It is usually easier to manipulate the outgoing packet, than the memory.

> Storing it rc4 encrypted in the variable maybe?

No, because you would have to decrypt/encrypt it all the time to read/write to it. A marginally better version would be to have a separate score checksum, which determines whether the score has been tampered with or not, or use a procedural score (one that is defined by a mathematical expression, rather than a single value), or all of the above. Look into "Defensive Programming" - I'm sure Google will be most forthcoming.
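
The separate checksum and procedural score suggested in #4, combined in one added example (not code from the thread, and written in Python rather than BlitzMax). The class name, event names and point weights are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ScoreTampered(Exception):
    """Raised when the stored counters no longer match their checksum."""


class GuardedScore:
    # Hypothetical scoring rule for this example: points per event type.
    WEIGHTS = {"kills": 100, "coins": 10}

    def __init__(self):
        # Per-run random key, so a checksum copied from an earlier run is useless.
        self._key = secrets.token_bytes(16)
        self._counts = {name: 0 for name in self.WEIGHTS}
        self._tag = self._checksum()

    def _checksum(self):
        # Keyed checksum over all counters, serialized in a fixed order.
        data = b"".join(
            self._counts[name].to_bytes(8, "big") for name in sorted(self._counts)
        )
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _verify(self):
        if not hmac.compare_digest(self._tag, self._checksum()):
            raise ScoreTampered("counters do not match checksum")

    def record(self, event, amount=1):
        # Verify before every write so a tampered value is never re-sealed.
        self._verify()
        self._counts[event] += amount
        self._tag = self._checksum()

    def score(self):
        # Procedural score: derived from the counters on demand, never stored.
        self._verify()
        return sum(self.WEIGHTS[name] * count for name, count in self._counts.items())
```

The key lives in the same process as the counters, so this only catches direct edits to the stored values; it does nothing for a packet altered after the score leaves the client.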