Sign in to follow this  

Verifying a message

This topic is 4069 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

My client-server program is coming on really well, I've nearly gotten it to be playable! Anyway, my major concern is about security. Messages are very simple, such as: Param1|param2|param3... Sent from the server to each client. However, someone could easily start sending fake messages to clients and the server. So what's the best way to stop this happening? I've had the idea of: 1) Server sends message 2) Client receives 3) Client sends back message 4) Server sends back 'that's what I sent!', or 'that's not what I sent!' And vice-versa for the client. Is this a fool proof system?

Share this post


Link to post
Share on other sites
First: Is this REALLY a problem you need to solve? Maybe you can wait until you actually have a real need, and accelerate your development that way?

Second: Are you worried about a player trying to change the game for himself, or another player trying to change the game for a first player?

If you're worried about players faking packets for other players, then you need game authentication of some sort.

If you're worried about the player changing the packets for himself, then you need to design the game so that the server makes all decisions, and the rules are such that the player generating his own packets just doesn't give him an advantage.

Share this post


Link to post
Share on other sites
Thanks HPlus,

I've designed it so the server has complete authority over the games, I am purely worried about players sending fake data to other players, as this could effect the opponents decision making process.

I'll read the article you gave me, thanks!

Tom

Share this post


Link to post
Share on other sites
Quote:
Original post by Gullanian
Thanks HPlus,

I've designed it so the server has complete authority over the games, I am purely worried about players sending fake data to other players, as this could effect the opponents decision making process.

I'll read the article you gave me, thanks!

Tom


A client should never be in a position to be requesting vital information from another client. If, for instance, Player B wants to know where and what level Player A is, it should be querying the server who queries its own database rather than asking Player A. Indeed clients should never communicate directly with each other because you can never be certain each client has upload capabilities (think firewall/router etc.). A client should really only send user input to the server and should not be sending position/stats etc.

If you are concerned one player might misrepresent themself as another player beyond reauthenticating the player each command (a time-consuming process I imagine) you are going to have to rely on the socket being secure in the sense it is a unique connection that is unreplicable (so session IDs here) and is beyond interception from a read/write perspective which would more than likely be illegal and would involve packet rerouting of some sort I'm guessing. In this circumstance I don't really know if there is anything you can do beyond requesting a piece of information that is different each time and only available on the actual server/client computers (unavailable to an interceptor). Perhaps implementing RSA encryption would have the double bonus of preventing interpretation of intercepted material and preventing mis-representation of a server/client by an interceptor although you really don't want to be going through the hassle of encryption/decryption for every user key press...

Share this post


Link to post
Share on other sites

This topic is 4069 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this