[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)

Jon Leonard jleonard at divcom.slimy.com
Wed Oct 14 12:16:56 New Zealand Daylight Time 1998

On Wed, Oct 14, 1998 at 10:29:26AM -0700, J C Lawrence wrote:
> On Tue, 13 Oct 1998 19:41:40 -0600 
> Chris Gray<cg at ami-cg.GraySage.Edmonton.AB.CA> wrote:
> > [J C Lawrence:]
> >> 3) Data I don't care if its correct or not.
> >> Examples of each:
> >> #3 Predictive data from clients, or data from clients that
> >> doesn't directly affect world state (eg SAY, TELL).
> > Only if no NPC hears what is spoken and acts on it. E.g.
> >     tell packrat to kill Chris
> <ponder>
> I fail to see how this is a compromise outside of the case where the
> claimed originator of the command is forged (already caught by
> simple veracity checking -- commands for characters can only
> originate from clients representing those characters).

Say and tell may not properly fit in the catagory of data that the server
doesn't care about.  If it's possible to influence the behavior of NPCs
by talking to them (and it should be!), then this sort of data is just as
important as things like movement.

If it does matter, then it's subject to the same sort of predictive cheating
that advance knowlege of random numbers is:  A hacked client only causes
things to be said when it knows they'll be beneficial/not harmful.

Jon Leonard

More information about the MUD-Dev mailing list