[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World D esign)

[Wilburn]

I believe the point JC is trying to make is that say and tell commands
consist of data that has no specific rule as to it's content (other than
tell's target).  It would be possible to modify the client to generate say
and tell commands for you but it's just as easy to type these commands in by
hand.  The only real problem I can forsee would be the user hacking the
client to respond to triggers much quicker than they would be able to
manually.  In most cases this presents no problem but it all depends on your
implentation and wether or not your game includes any time sensitive
listening procs.  Most clients build in some form of Macros which is
esentially the same thing (with or without the trigger ability).


- E.J. Wilburn
WilburnE at Kochind.com
zane at supernova.org

> -----Original Message-----
> From:	Jon Leonard [SMTP:jleonard at divcom.slimy.com]
> Sent:	Wednesday, October 14, 1998 2:17 PM
> 
> On Wed, Oct 14, 1998 at 10:29:26AM -0700, J C Lawrence wrote:
> > <ponder>
> > 
> > I fail to see how this is a compromise outside of the case where the
> > claimed originator of the command is forged (already caught by
> > simple veracity checking -- commands for characters can only
> > originate from clients representing those characters).
> 
> Say and tell may not properly fit in the catagory of data that the server
> doesn't care about.  If it's possible to influence the behavior of NPCs
> by talking to them (and it should be!), then this sort of data is just as
> important as things like movement.
> 
> If it does matter, then it's subject to the same sort of predictive
> cheating
> that advance knowlege of random numbers is:  A hacked client only causes
> things to be said when it knows they'll be beneficial/not harmful.
> 
> Jon Leonard