Just so I don't get shunned from the off, I am not trying to make a clone of World of WarCraft, but for now I'm just experimenting with the old formula of a text-based MUD with a couple of twists. The question is, is it possible to release a MUD client under an open-source or free software licence without it opening up the possibility of people easily being able to create auto-trainers or rigged clients (to steal passwords etc.) and the like? I'm sensing that the regular tactics of using encryption to disguise network packets are easily nullified due to being able to analyse the algorithms and the key exchanges that are employed.

Yes it is possible!

From a high level POV...

If your security is based on people not knowing how your system works, that is called "security through obscurity" and while it is better than no security at all, it is not a good security model (:

The good kinds of security are those that people can know everything about how they work and yet still can't do a thing about cracking them.

Take SSL for example. The specs for SSL are widely publicized, yet it's still a secure way to transmit data!

And on the other side of the spectrum you have DVD "encryption". Every dvd player made has to be able to decrypt dvd's so the they make the algorithm and the key's publicly available and they rely on the hope that people won't find out about it who shouldn't know. Then they sue people for releasing software that cracks it!

Very poor security protocol!

anyhow hope this helps (:

bottom line, open sourced does not equate to lack of security, so you should be fine.

Quote:Original post by WaterCrane
The question is, is it possible to release a MUD client under an open-source or free software licence without it opening up the possibility of people easily being able to create auto-trainers or rigged clients (to steal passwords etc.) and the like?

The answer is "no" to both, but the solutions to each are different. Botting is more straightforward than with a closed-source license, but not by much; screenscraping is always possible. The only real solution there is interesting, non-repetitive gameplay that can't be easily botted. Rigged clients are possible, but only really practical if you don't release "canonical" binaries on the main site.

That would of course make for a pretty boring and plain interface, not to mention quite tedious in many cases.

That was the reason behind the custom client; a simple Telnet-based game will have very little to offer over the hundreds out there already, and a visual interface is necessary for even very minor things like an HP bar that doesn't scroll with the text.

I wanted to make it free software so it can easily be ported to other platforms and to offer a means of allowing the community to test and contribute suggestions that could make it into an official build, such as making the interface fully skinnable, for example.

Thank you for the input everyone.

Water if you don't mind C# take a scope at the WheelMud Project.

If you look at the code it could give you some ideas if you don't want to actually join the project.

There are actually clients out there that do this for you like CMUD and ZMUD as well. They are fully scriptable.