Writing a secure client/server with open source

Ben Finney bignose+hates-spam at benfinney.id.au
Sun Apr 20 11:43:48 UTC 2008


edA-qa mort-ora-y <eda-qa at disemia.com> writes:

> Andy wrote:
> > The general consensus is "The attacker already knows the
> > algorithm" thus revealing the source should not be a problem.
> > Compilation is NOT a secure way of hiding something anyway.
> 
> I agree, but at least it prevents casual abuse of the server. That
> is, a bit of obfuscation is likely enough to rid the game of the
> majority of cheaters or abusers. I agree it does nothing to deter
> the hardcore attacker.

In designing your protocol, you need to assume that once a single
"hardcore attacker" crafts an exploit, they can quickly redistribute
it to "the majority of cheats or abusers".

-- 
 \     "I went to a restaurant that serves 'breakfast at any time'. So |
  `\        I ordered French Toast during the Renaissance."  -- Steven |
_o__)                                                           Wright |
Ben Finney



