• Announcements

    • khawk

      Download the Game Design and Indie Game Marketing Freebook   07/19/17

      GameDev.net and CRC Press have teamed up to bring a free ebook of content curated from top titles published by CRC Press. The freebook, Practices of Game Design & Indie Game Marketing, includes chapters from The Art of Game Design: A Book of Lenses, A Practical Guide to Indie Game Marketing, and An Architectural Approach to Level Design. The GameDev.net FreeBook is relevant to game designers, developers, and those interested in learning more about the challenges in game development. We know game development can be a tough discipline and business, so we picked several chapters from CRC Press titles that we thought would be of interest to you, the GameDev.net audience, in your journey to design, develop, and market your next game. The free ebook is available through CRC Press by clicking here. The Curated Books The Art of Game Design: A Book of Lenses, Second Edition, by Jesse Schell Presents 100+ sets of questions, or different lenses, for viewing a game’s design, encompassing diverse fields such as psychology, architecture, music, film, software engineering, theme park design, mathematics, anthropology, and more. Written by one of the world's top game designers, this book describes the deepest and most fundamental principles of game design, demonstrating how tactics used in board, card, and athletic games also work in video games. It provides practical instruction on creating world-class games that will be played again and again. View it here. A Practical Guide to Indie Game Marketing, by Joel Dreskin Marketing is an essential but too frequently overlooked or minimized component of the release plan for indie games. A Practical Guide to Indie Game Marketing provides you with the tools needed to build visibility and sell your indie games. With special focus on those developers with small budgets and limited staff and resources, this book is packed with tangible recommendations and techniques that you can put to use immediately. As a seasoned professional of the indie game arena, author Joel Dreskin gives you insight into practical, real-world experiences of marketing numerous successful games and also provides stories of the failures. View it here. An Architectural Approach to Level Design This is one of the first books to integrate architectural and spatial design theory with the field of level design. The book presents architectural techniques and theories for level designers to use in their own work. It connects architecture and level design in different ways that address the practical elements of how designers construct space and the experiential elements of how and why humans interact with this space. Throughout the text, readers learn skills for spatial layout, evoking emotion through gamespaces, and creating better levels through architectural theory. View it here. Learn more and download the ebook by clicking here. Did you know? GameDev.net and CRC Press also recently teamed up to bring GDNet+ Members up to a 20% discount on all CRC Press books. Learn more about this and other benefits here.
Sign in to follow this  
Followers 0
timetopat

Why is it that some say that open source multiplayer games are less secure?

9 posts in this topic

After reading a thread on a gamedev subreddit, there came the topic of open source games.  The person claimed that they are less secure than their counterparts with the source code that is closed.  He said it was easier for people to see the inner workings of the server and exploit, compared to the black box approach of not knowing how the server works.  This does not seem correct to me however.   Open Arena seems to be ok and is open source.  Also if a lot of logic is done on the server side, wouldn't it be just as hard to cheat? 

Are open source multiplayer games less secure?  What have I not considered?

Thank you, I am very curious about this topic.

0

Share this post


Link to post
Share on other sites

Speaking from personal experience as both a game dev and "1337 h4x0r" (doh!) I can say that my last little project - an aimbot for the open-source multiplayer game engine Assault Cube (http://assault.cubers.net/) - was far easier to accomplish having been able to surf the C code itself.

 

It doesn't necessarily make the impossible possible, it just makes the possible more readable and apparent.

0

Share this post


Link to post
Share on other sites

Its true, but if closed-source software implements no other measures then the kind of "securtiy" it has is derisively called "security through obscurity" in secutrity/hacker circles -- that is to say, it has no security other than being obscured from plain view. It doesn't provide any protection from would-be cheaters as such, it just relies on hope that people will be detered by it not being readily accessible. History shows, however, that even moderately-popular software, closed-source or not, becomes a worthwhile target for crackers and cheaters eventually.

 

Its a bit like burying your money in the back-yard; instead of the real security of a bank-vault, you rely instead on the obscurity of its location in your yard. But if its known that the money is indeed in your yard, and its known that the score will be worthwhile, then you'll soon start to attract nefarious types.

 

Unfortunately, most open-source games implement little in the way of *actual* security either -- so in effect, many of these games are hiring sky-writers to publish the exact location and dollar amount of their hidden treasures for all to see and in the common tongue.

 

Its certainly easy to "crack" an open-source game or server, but its really a bit of a misnomer that that closed games are more secure simply because they are closed.

0

Share this post


Link to post
Share on other sites

Open source makes finding exploits a lot easier. If you play it fast and loose, it'll be a lot quicker for hackers to find exploits within the code or even your design assumptions. If your game isn't particularly secure but the code cannot be reversed engineered easily, it can take more time. Ultimately, if your game is popular, you will be found out either way. 

2

Share this post


Link to post
Share on other sites

By being open source, hackers have more access to your code.  By being open source, people concerned about security have more access to your code.  Gotta grit your teeth and hope that the latter are contributing more than the hackers are able to hack with source knowledge.

0

Share this post


Link to post
Share on other sites

I think making it easier to find exploits is actually a good thing. If everything is closed source and someone malicious exploits it for their benefit then that's all they're able to do. Open source at least allows them to contact you and explain exactly what the problem is. I think It's much better to get hackers on your side rather than banning them as they're probably going to be more willing to help you fix problems rather than using them to ruin the experience of others.

 

That's the attitude I'm going to have at least if people start hacking my game, I'll embrace it.

0

Share this post


Link to post
Share on other sites

What these people miss is they are comparing apples to oranges.  You cannot compare a commercial closed source game that was built to make money, to an open source game that is someone's hobby. 

 

The fact is that all kinds of businesses that handle sensitive data use open source end to end. If closed source was inherently more secure, then you should be seeing linux and other open source applications that are popular on the internet getting hacked much more often then windows and it's closed source versions.  But that simply has not happened.  

 

I'm not surprised that this attitude prevails in the game industry.  One of my biggest complaints about the game industry is how little it contributes to or understands open source.  Here are a couple of things that actually happened to me while working at a large game studio. 

 

- Senior engineer in another division telling me they don't do unit testing, because they have integration tests.

 

- Same guy didn't understand why git would be better then a wiki page for code sharing.

 

- On multiple occasions we came up with bug fixes for everything from the linux kernel to nginx.  Never contributed any of that back.

 

- I was not allowed to work on any game related open source projects while working at the company.  

 

And of course this same company used open source everywhere.  They would never have gotten to where they were without it.

0

Share this post


Link to post
Share on other sites
Why do you believe that all closed source games are built to make money, and all open source games are built as someone's hobby?
While I'm sure the correlation coefficient is greater than zero, I'm also sure that it's not one.

Regarding taking open source without giving back, I also know of companies that do that, but most of them are not as bad as Goldman Sachs, which reportedly rips out all copyright/license from libraries they take, and change it to Goldman Sachs proprietary, and then throw programmers in prison if they actually abide by the original license.

Anyway, yes, you find varying degrees of maturity in all walks of life, and there exists large game studios that are very mature, and others that aren't. You also find hobbyists that are very mature, and others that aren't. In the end, maturity is much more important to the quality of code produced than most other axes. And when it comes to security, code quality is a lot more important than most other factors. You can make a fun, commercially successful game on top of terribly misguided rendering code. You can't make a secure system on top of misguided security code. Edited by hplus0603
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0