get a good security for multiplayer game

前端 未结 3 485
情话喂你
情话喂你 2021-01-16 07:04

I made a game using eclipse. I have a server program and a client program. The clients communicate with the server using sockets. If the client starts it sends its username

相关标签:
3条回答
  • 2021-01-16 07:15

    Keep the sensitive state in the server program and have the client request the current value. Then you control it at the server.

    If someone has valid credentials, then they are able to do whatever your protocol permits the user to do within their context. This is something you must control from the server program to prevent unintended operations by the client from impacting on overall integrity.

    0 讨论(0)
  • 2021-01-16 07:27

    ... can i know if the client program is an original one i made?

    No you can't ... unless you control the execution platform on which the client program is installed and run.

    But if you take the approach recommended by Pekka, it doesn't matter. Specifically, if the important state and the actions performed on that state are handled by the server side, then you can implement it in such a way that it doesn't matter if the user has hacked the client.

    In practice though, the interactivity of a lot of games depends on fast interactions between the state and the UI. Putting the state on another system is going to cause problems with "lag" unless you can mitigate this.

    0 讨论(0)
  • 2021-01-16 07:29

    If it is a server driven multi player game, you can design the client apps to request the server to send back a server only decryptable level key and a client readable level number or key. And on a next level change request, make the clients send the previously received level key (i.e. current) and any other parameters as required to identify a client's session state.

    With such server only decryptable level key, clients can't modify it and request with a jump in game levels. Server in turn, will send back with next level key and other related info to the client to continue.

    Though there may exist many active client sessions but to validate and authenticate them there should exist such service at servers.

    0 讨论(0)
提交回复
热议问题