Writing a secure client/server with open source
Ben Finney
bignose+hates-spam at benfinney.id.au
Sun Apr 20 11:43:48 UTC 2008
edA-qa mort-ora-y <eda-qa at disemia.com> writes:
> Andy wrote:
> > The general consensus is "The attacker already knows the
> > algorithm" thus revealing the source should not be a problem.
> > Compilation is NOT a secure way of hiding something anyway.
>
> I agree, but at least it prevents casual abuse of the server. That
> is, a bit of obfuscation is likely enough to rid the game of the
> majority of cheaters or abusers. I agree it does nothing to deter
> the hardcore attacker.
In designing your protocol, you need to assume that once a single
"hardcore attacker" crafts an exploit, they can quickly redistribute
it to "the majority of cheats or abusers".
--
\ "I went to a restaurant that serves 'breakfast at any time'. So |
`\ I ordered French Toast during the Renaissance." -- Steven |
_o__) Wright |
Ben Finney
More information about the Discussion
mailing list