MMORPG safety
Monkey Forums/Monkey Beginners/MMORPG safety
| ||
I am thinking to do a small mmorpg style of tibia or others, but I am worried about the safety. if I use the modules( brl.tcpstream, brl.httprequest, brl.socket or brl.url) Can I do a MMORPG with those tools? Will be safe my files on the server? i mean, if anyone send some information to the server that he has infinity gold. |
| ||
1) I'd suggest to step back a bit. 2) Do a smaller project first. 3) Never (NEVER) trust client data. The server should always be authorative. 4) TCP is fine. World of Warcraft uses the TCP protocol, too. 5) Don't underestimate network programming. |
| ||
ty |
| ||
I'd like to add a 6th and 7th one to that... 6) Are you sure you mean MMO and not just MO? 7) If you don't know the answers to your own questions, for your own sake, just don't do it. I used to (privately/not so legally) develop for a big game server. Monkey really doesn't have the capability to do the kind of networking you need. Not to mention you'll want a lot of experience dealing with security before you go into it. I had years of backend security developing before I did any of that. Last note: Gamedev.net has a ton of these types of threads and at one point I remember there being this funny post that summed it up well. Can't find it anymore, but I did find this, so maybe take a look: http://www.gamedev.net/blog/355/entry-2250155-why-you-shouldnt-be-making-an-mmo/ or http://www.gamedev.net/topic/525958-so-you-want-to-make-an-mmorpgstart-here/ |
| ||
Yes this is perfectly possible. Server side Monkey is not ideal bu it can be done. I wrote an online RPG in Monkey (server in BlitzMax). I really recommend starting with an offline game, get basic gameplay working (AI, Inventory, Movement, Animation...). You can get there. If you don't know the answers to your own questions, for your own sake, just don't do it. It would be both brilliant and stupid if he knew the answers to his own questions... Its obvious he means MMO... |
| ||
When I wrote this If you don't know the answers to your own questions, for your own sake, just don't do it. I was more referring to this part... Will be safe my files on the server? i mean, if anyone send some information to the server that he has infinity gold. You shouldn't dive headfirst into developing an online anything if you have trouble answering these questions by yourself. |
| ||
I mean MMO. I have the skills to do the basic gameplay (like AI, Inventory, etc... for single player or multiplayer in same pc) But I lack of skills to do the safety and server issue, the server issue I think I can learn over the internet, but for the safety it's harder. I just was wondering if monkey could do this thing with those modules easily. I was thinking to do something simple, 1)like buy one server to be on all time, 2) the user creates account on server, 3)the account is saved in the server (separed files)with all itens and gold, 4)and the user has limited acess to the server and files with the client. But I am ignorant over subjects like ddos attack and others if it is too hard to do, maybe I should focus on games with local like diablo 2 or terraria. |
| ||
AI and inventory and so on all need to be coded on the server. The only work you do on the client is display and interface work, plus enough networking to talk to the server. I would agree with those above saying it is too hard if you are unfamiliar with it. I would suggest that if you really want to learn massively multiplayer coding, you start by grabbing one of the many MUD codebases and hacking away on it for a while. |
| ||
First of all let me say this, personally I think its a shame when people tell others not to even try no matter what it is, I can totally understand why their saying it tho, possibly a thousand people will ask about making an mmo over the internet every day on some random forum or chat channel and probably 1 in a thousand of them could actually pull it off if they actually tried it, but I would argue that ALL of them would stand to learn a great deal in the process of learning, so telling some guy who asks, "no don't do it" I think is a bad call, and your depriving him the chance to learn a lot of cool stuff, even if he's probably going to fail. I recall similar posts on BlitzBasic, and if my memory serves me correctly and I am sure I still have the full source for it some where, there were two actuall mmo engines built with blitz, one which I messed with a little and another which I sadly didn't get a look at, neither of which would have been made if the guys behind them accepted the replies when they were told it could not be done. More recently I recall the tale of a guy who while talking on some forums suggested making an mmo zombie survival game, to which everyone said could not be done, the guy went off and a little while later came back with a working but buggy zombie survival multi player game, That was Dean Hall. So yeah while 9 times out of 10 the guy asking wont be able to complete the task, 10 times out of 10 if they actually try they will learn stuff from it. EDIT: woa sorry for the rant.. I think the best thing to do is make Pong but have it play over a server, once you have some basic functionality working and you have the ability to play a two player game over the internet, then you can start spending time writing your player data protection and encryption, make sure your encryption is not messing with your raw data and then just ramp things up as you get stuff working, once the architecture is in place and can handle a 2 player game open your game up to 100 players all in the same game and see if your code and server can handle 100 little bats zipping up and down, just push it and test for speed, latency, lag check your encryption is all working. If you can get a workable architecture and some basic infrastructure in place and have it working with some really basic game then everything else is just gravy, it's then just a matter of scaling things up 1 notch at a time until you find your sweet spot in terms of max players and server performance. |
| ||
3) Never (NEVER) trust client data. The server should always be authorative. Back in the day, player speed in World of Warcraft was controlled client side. It was hilarious to see hackers zipping around. |
| ||
3) Never (NEVER) trust client data. The server should always be authorative. Back in the day, player speed in World of Warcraft was controlled client side. It was hilarious to see hackers zipping around. There are still games like this. I remember my brother playing this game a couple of years ago that allowed this and you would see someone one second and the next they would be on the other side of the screen. It was pretty funny, although it ruined the balance of that particular game. |
| ||
Yeah I think most games suffer from it at least up until the devs act on it, the hack was actually so easy it's kinda funny, just poke the memory address where your speed was stored with a higher value and away you go, you can leave things like speed client side to save on data xfer but you need to implement a distance traveled check every few time slices, some one moves 100 meters in under 60 frames you know their upto something. This raises the other headache, player health, another thing that actually really needs to be handled server side, I recall playing games where it was and still is possible to poke your health values either making them stupidly high or just making sure they never reach zero. Player inventory is something you need to really watch as well, it's far to easy to create duplicate items in your inventory if you have even a basic understanding of computer programming, you can spot where things may or may not be getting checked, another recently famous issue of this was in DayZ where if you eat something and pushed it onto the floor before your animation finished your player got the health, the item went to the floor and you could just pick it up again, the system knew you ate something, but it also knew you put something on the floor so it caused a duplication of the item. those are fun examples but I think your sole focus should be on protecting your player login data, if that data gets exposed then it will cause far more damage than some one finding a dupe or vendor bug that lets to get infini items for no cost, protect your player data first then fix everything else. |
| ||
Oh another trick while storing those values is to offset them, take player health as an example if your player's health is 0/100 then store them in game as something else, 0/100+healthoffset=Int(Rnd(100,1000) that way their health is offset at runtime and never the same offset so when people go poking around in memeory they will look for the value 100 , not the value 245 100+offset(145) which will hide your data from most of the kids. |
| ||
In the big game I had worked on the health was stored as a double times 100.0 and displayed and used like an integer on the client-side. It really served no purpose because it was all controlled by the server-side. But yeah, lots of little tricks like that will throw off anyone unfamiliar with this sort of stuff. |
| ||
Goodlooking guy... [edit removed... you'v seen it.] Think it might be a false positive but thought I would show you all the same just in case. |
| ||
This is a Chrome bug, so you can't blame me. I removed that part of the sig for now, but this is not my fault. Read this --> http://www.techpowerup.com/forums/threads/google-chrome-malware-warning-for-tpu.179529/ What's next with Chrome, is it going to start blocking Google, Facebook, Twitter, and every common website that exists. Seriously, what a crappy flagging/detection system. Cause we all know that the creator of CPU-Z is really out to get us with his super viral virus. Edit: Note, I know the cause of the Chrome bug now. Flush your DNS cache. This is a Chrome bug. It won't happen again because I'm hosting the image now, but yeah, Chrome DNS cache bug is causing Malware warnings. What a mindf**k. |
| ||
I guess the key thing to do is to get a basic client-server setup operational (running a 'test' game, be it Pong or something else), then at least in further development you won't be facing any issues where you have zero experience. |
| ||
Paul -- I wasn't saying not to try! I was saying "go learn from an existing codebase first." I would be stunned if the folks who succeeded at it with BMax or whatever didn't go through a similar learning process. I suggested MUDs because a) MMORPGs are still plenty similar architecturally b) the code is free and easily available. I do think that it's doable (though Monkey is likely not the right choice for the server. Hmm, maybe if you did a command line build, on Linux?). |