[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)

J C Lawrence claw at under.engr.sgi.com
Tue Oct 13 14:35:10 New Zealand Daylight Time 1998

On Mon, 12 Oct 1998 23:33:44 -0700 
mark <mark at erdos.Stanford.EDU> wrote:

> Raph Koster writes:

> I'd like to share a few ideas about this "law": Never trust the
> client.  Never put anything on the client. The client is in the
> hands of the enemy. Never ever ever forget this.

I take a more valued approach to this:

  There are three types of data in the world:

    1) Data I trust implicitly to be correct.

    2) Data I don't trust implicitly to be correct, but for which
operational checks will find and correct errors without undue or
specific attention paid to the error or the source of the error.

    3) Data I don't care if its correct or not.

Examples of each:

  #1 World state, the contents of the server DB, etc (ie server-side

  #2 Most world-state affecting data I receive from clients (eg
MOVE, collision, object state change).

  #3 Predictive data from clients, or data from clients that doesn't
directly affect world state (eg SAY, TELL).

> This idea is motiviated partially by "Byzantine agreement"
> protocols where transactions are kept consistent even in the
> presence of multiple compromised servers, and also by the desire
> to make serverless games--- where you _must_ put everything on the
> client.  For example, in distributed "MazeWar", it's pretty much
> impossible to prevent the client from showing the locations of all
> the other players, but it's not impossible to determine that
> another client is cheating (by "teleporting", firing before his
> missile hits anything, increasing his score without a kill, etc.)


True.  The problem of course being that the logical demonstrations
necessary for the veracity checks quickly approach infinity as the
flexibility of the system grows.  Its the old case of the
permutation explosion.

J C Lawrence                               Internet: claw at null.net
(Contractor)                               Internet: coder at ibm.net
---------(*)                     Internet: claw at under.engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...

More information about the MUD-Dev mailing list