[MUD-Dev] Trusting the client, encrypting data

Crosbie Fitch crosbie at cyberspaceengineers.org
Thu Dec 18 19:32:15 New Zealand Daylight Time 2003

From: Peter Harkins

> This discussion has veered a bit into reiterating the old "don't
> trust the client", which the original poster never suggested.

Yeah, I only chipped in with my previous post because it was going
that way.

Otherwise, yes, the "provide decryption key at the last minute"
method sounds neat. For a server modelled game, that is.

For large amounts of static data with a long shelf-life, sure, it
may be worthwhile. But, with dynamic data that needs to be fresh,
the time it's encrypted would seem to be too short for any benefit
to the player being able to see it in advance anyway. You might as
well transmit the dynamic data in plain text.

However, for static data...

  As the music industry has found out, once digital content is
  available to one, it's available to all.

Let's say that there was a free p2p based 3D modelling program.

Let's also say that someone produced a dinky little utility that
continuously copied all the visible content received from the server
modelled game into the p2p system.

This would also enable a viewer for any player to see any
information in their vicinity that was obtained from other players.

Many players can effectively collaborate in order to share
information about the virtual world.

So, theoretically, you'd only be able to keep things secret, that
truly were only known to the server and no other player.

But, I expect it'd be a while before that utility was written.

It's a bit like players publishing maps of maze or platform
games. As soon as one player finds something out, it'll get to the
other players via other means anyway.
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list