Thread: Complete n00b Question, Client -> Sever MMO Program?

Just some notes first.

Using,
Sharp Develop,
.NET 1.1,
C#,
Managed DirectX.


Info, Well what i am trying to do is simple in nature, have a client -> server communication system. Where numerous clients connect to one server and simply share data both ways. Creating the ability to run various things, but the end goal is a MMO Simplistic game. But for starters a simple chat.

To my knowledge .NET has some chat app but without a heavy understanding of it, it does me absolutely no good.



Question 1.)
To have a SECURE (as in no hacks to the server or its clients), how could this be done? I know nothing about the topic so i have yet to google it because, as said, i know so little i don't know what i need to research. So even pointers on what to look for so i can find tutorials and whatnot would be awesome.


Question 2.)
How hard is it to make all that secure? I would be running the "server" off of my personal computer and i am not a programming expert so i don't know if it would be extremely hard to make a secure & safe connection or not..


Thanks to any replies, Anything of concept help and terms to look up is awesome, also get as technical as you want.. i just may not immediately understand it...

Thanks again!

If you are designing a game, have a firewall that will only let a single port through to your server. That should take care of 99.9% of attacks. Make sure it's a hardwarwe firewall, like one that is built into a router or something.

For hacks & cracks of the game itself, the first and most important design decision in internet gaming is never trust the client. The client is enemy territory. Don't let the client make ANY decisions. All decisions and all checks have to be made on the server. Only commands from the client and feedback to the client is allowed.

Example: Two people roll a dice. Highest wins.

a) You can now have each client roll a dice and send the result. The server compares both and sends feedback about who won.

b) You can have both clients send a dice rolling command to the server. The server rolls two dice, compares the result and sends feedback.


Option a) is open to hacks of any kind. One can crack the client and have it send a 7 instead of a random number between 1-6. One can sniff network traffic and exchange the random number that is sent in the packet by 7. One can send a -1 or 0xFFFFFFFF and see if your server crashes. This option is begging to be manipulated.

No decisions are to be made on the client. Always assume the client has been compromised. Check all input accordingly. Check if you send any feedback to the client, that the player is not supposed to have. Don't.

The client is in the hands of the enemy.

Edit:
Although people who think "rollback" is an artistic excercise will spew their wisdom about what was hacked or cracked on boards of the respective games, don't believe all you read.
I've been on both sides of the fence and no one in his right mind would actually "crack" a game server. It's hard, it's no fun, it takes time, someone will be after you. Deleting someones account is easy and either done by someone who was inventive enough to try and see if account and password are the same and got lucky, or a close friend who had the password and was mad or it was the "good" cheat he used that secretly sent his password to the cheats coder.

I think it's safe to assume that your server is safe while your client is hacked. That's the way it will be. Don't focus on the client, there will always be someone with more time on his hands to crack the client, write a bot or cheat or something. Focus on the server and make sure that even a compromised client cannot do any harm.

well the firewall may be harder than can be, as i will be a single computer on a housefull all sharing the same router (and actually it will go beyond that as we are setting up a mini professional grade server -> client setup, .. not related to my program, i'm talking actual computer server heh).

As for the actual server's checks, ya i understand that. My main problem is not about the programs being hacked.
It is simply the fact i have no idea how to setup the client(prog) -> server(prog). And do that safetly. Like how does all these IM (Aim, Yahoo, Msn, IRC, etc.) programs keep the user safe, because not everyone has every port blocked but one.

So ya, can anyone give me some keywords atleast to how i can achieve this program to program connection over the internet?

like for example, do i use sockets, etc? I know so little its not funny, and im scanning different keywords to try and distinguish what i need, but i would much appreciate a comment on which would best suit my needs. Thanks!

ok, i've taking some crash course C# Socket courses, and i think i'll start toying tonight.

I prob shouldent be messing with them this early on without knowing the "cause & effect" possibilities first, but hey, i like toying ... though it will involve a friend .. lol