Trylon wrote:That would be where the checksums come in. The client should send a checksum of the prp file through for verification.
Of course, that doesn't prevent a modified client from sending in a valid checksum and then using a modified prp file.
Exactly, and that makes the send-checksums-to-server a total waste of resources, just like redownload-python-each-startup.
Actually, NO, it doesn't make it a total
waste of resrouces. In fact it plays a vital role in ensuring that unmodified
clients are synchronized to the prps and python files that the server uses.
With multiple servers going online there are bound to be a number that run different versions of specific content. If those aren't properly synchronized it will be disaster.
(Note 1: I'm not talking about a difference in plasma versions. I'm assuming that whatever will happen there will be some sort of "standardized" client/server that most people will use, just like what happens on most OSS projects)
(Note 2: I agree that the re-downloading of python files is utterly pointless. It should just be verified the same way as the prp files)
(Note 2: I don't really care if the server checks the checksums or the client. The latter would be better for server performance I guess.)
diafero wrote:So I would spend my efforts on the server, hardening it against malicious clients. The clients only needs to make sure people don't accidentally circumvent the dataserver, something which can easily happen in UU. And of course, it needs to behave in a defined way if it gets messages from a malicious client the server could not filter out.
Yes, I totally agree on that. It's unmistakable that there will be some attempts to gain illegitimate control over servers, but their impact should be minimized server-wise..
Though I do believe that Uru provides a lot less incentive for malicious hacking than e.g. Runescape or SL. With there no being any economy or notable property in URU and all....
One day I ran through the cleft for the fiftieth time, and found that uru held no peace for me anymore.