[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)

Marc Hernandez marc at jb.com
Wed Oct 14 12:21:24 New Zealand Daylight Time 1998

On Wed, 14 Oct 1998, Adam J. Thornton wrote:

}representational data than the server intends.  But so what?  If I say my
}game is set in a Generic Fantasy setting and you want Space Opera tilesets,
}that's your business.  It'll look a little weird when I add a new creature
}for which you don't have a corresponding tile, and so your server goes out
}and gets the master tile, which doesn't look at all good in a Space Opera
}setting, but that's hardly my problem.

	You should probably do at the very least, spot CRC checks on the
graphic/model data.  In Quake invisibility meant you had an Eye.mdl (model
for displaying just eyes) instead of a player model displayed.  This was a
pretty neat model of invisibility.  Thanks to peoples dark cheating
hearts they would change the model to the regular player model.  Thus
invisible people werent.
	In TeamFortress (free Quake add on) people would change the models
to all 'full bright' colors (colors that arent changed by shading and thus
are visible in the dark corners).  They would also cut out sections of the
map.  It didnt change the collision detection or anything (this is done on
server) but it allowed them to see through walls and plan ahead and/or
warn their teamates.  
	Since the velocity vector and the rotation angles were sent people
could also run in one direction and fire in another. Since the client
needs to know where objects are to diplay them autotargeting and firing is
another cheat.  In an RPG this would be slightly less of an effective
cheat (assuming your chance to hit is based on some sort of % (however
calculated) and not the intersection of 2 objects).
	This is just the in-play stuff.  Then there is all the spoofing of
packets to crash servers etc.  People would crash the servers I had up
(using 256k of my bandwidth to allow _free_ play) for NO reason, let alone
if they felt slighted.  
	Im sure Mr. Koster has reams of paper describing all sorts of
cheats done in UO.
	In my current project (3d) I am hoping to do some processing on
the client end (theoretically collision detection).  However I have NO
trust in the client data, which is just enforced by all the cheating in
quake and the cheating in UO.  Im even wary of sending ... precached data
(such as data that states there are people in the next (currently
invisible) node).  Cheating is disgusting in any form.
	Is there any way to stop other processes from at least writing and
preferebly both reading and writing a Win 95/98/NT processes memory? Is there 
any way to stop programs from being run via a debugger or at least detect
	I hate cheating.  Course I also dislike most hint books, but that
is just cheating yourself (and the universe has no hint book).  

Marc Hernandez		marc at eisoftware.com
Programmer		www.eisoftware.com

More information about the MUD-Dev mailing list