Unique BZFlag installation ID?

mr64bit
Private First Class
Posts: 89
Joined: Fri May 06, 2011 4:58 pm
Location: Hang on, let me get a map...

Unique BZFlag installation ID?

Post by mr64bit »

Maybe this has already been presented, discounted and forgotten, or is in the development road-map. I'm not sure, but I thought I'd ask anyway.
What if each BZFlag installation had a unique alphanumeric installation ID, stored in the Windows registry (not sure about Mac or Linux)? That way, an admin could ban regardless of a registered callsign, and ban instead by the installation ID. Then the only way to evade that ban would be to edit the registry. I know, it's not a huge obstacle for someone good with the registry, but I think it would help. That way, there would be an option between an IP ban and banning the whole IP range. Any thoughts?
---mr64bit
JeffM
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Re: Unique BZFlag installation ID?

Post by JeffM »

A cheater would just find it in the registry and change it.

They would know where it is because they HAVE the source code. This would probably only work ONCE since all it would take would be a single person to post the info for it to become useless.

Obfuscation and Identification are not the only aspects of security.

It would be simpler to require registration for all users.

Personally the solutions I see are not to provide more tools to ban people but to remove the exploits that people use to be jerks, then there is no reason to ban them....
L4m3r
Hater of Everything
Posts: 724
Joined: Tue Feb 08, 2005 5:15 am
Location: Los Angeles

Re: Unique BZFlag installation ID?

Post by L4m3r »

...And to answer the first part of the question, yes, similar identification techniques have been suggested many times before.

Ultimately it wouldn't even matter where the installation ID (or hardware ID, or whatever) is stored. Servers would have to query the ID through the client, so a dedicated cheater could just fix it there. If this was implemented, one of the serial cheaters/troublemakers would just release a patched client that sends a randomized ID at each join, probably within hours of release.

You can't trust the client with anything, especially in open-source software. This is also the primary cause of most cheating issues in the game. Fixing those design issues is far more productive than making better band-aids for them, as JeffM explained.

"Secure" installation IDs would not help either; authenticating them wouldn't do anything more effectively than increased use/requirement of global registration, again as explained by JeffM. I think that facilitating registration for new players will be the eventual solution (in-game registration is on the development roadmap, iirc).
Optimism is just a milder alternative to denial.
Beardy
Private First Class
Posts: 50
Joined: Tue Nov 22, 2011 2:33 pm

Re: Unique BZFlag installation ID?

Post by Beardy »

L4m3r wrote: If this was implemented, one of the serial cheaters/troublemakers would just release a patched client that sends a randomized ID at each join, probably within hours of release.
I don't know if this has already been suggested, but what about simply slowing the cheaters/malversants down?

Maybe like this:

1) When a callsign is entered in the client, a stored ID (random value) is also retrieved. If the ID is not present, one is generated (on the client!).
2) When the player contacts the list-server and this name and ID combination is not yet present, it's stored together with the current time.
3) When the player wants to enter a game, the name and ID are sent, after which the server verifies they are older than some set time (ranging from a few minutes to something like a day). If the combination is not present or it's not old enough, the player is rejected (with an appropriate message, of course).

Even if a malversant would want to generate random IDs to known callsigns, it would take him a lot of time to hit an existing one. When the game-server then auto-bans multiple failed attempts coming from one IP for something between a few minutes to an hour or so, this could become quite time-consuming (rebooting the modem to get a new IP also costs time).

Pretty much the same method as for name & password combinations, now I think of it.

Point #2 could also be implemented on the game-server itself (combined with point #3), but then the player has a wait-time for each server he wants to access.
JeffM
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Re: Unique BZFlag installation ID?

Post by JeffM »

Since you are sending the ID to a game server, a game server run by a jerk could simply collect IDs and reuse them.

With the current system the only thing sent to the game server on log in is a temporary token that is then verified with the list server.

The point to remember is that you can NEVER trust the client to send you what you expect and must verify all data using known code (code not run on the client).

I'm not sure what you are trying to prevent? It sounds like you are just trying to create an ID for non-registered players based on name. If the client can generate random IDs for every name entry then that doesn't make it hard for someone to just make a new name and get a new ID from the client....
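The contrast drawn in the post above, between a fixed ID sent to every game server and a temporary token that the game server must check with the list server, can be shown in a small model. This is an added example, not BZFlag code and not written by anyone in the thread; the class names, the 300-second lifetime, the in-memory stores and the sample account are all assumptions made for illustration.

```python
import hmac
import secrets

TOKEN_TTL = 300  # seconds; assumed lifetime, not BZFlag's real value

class ListServer:
    """Trusted party: knows the accounts, issues and checks one-time tokens."""
    def __init__(self, accounts):
        # callsign -> password; constructed data (a real server stores a hash)
        self._accounts = accounts
        self._tokens = {}  # token -> (callsign, expiry time)

    def issue_token(self, callsign, password, now):
        stored = self._accounts.get(callsign)
        if stored is None or not hmac.compare_digest(stored, password):
            return None
        token = secrets.token_hex(16)
        self._tokens[token] = (callsign, now + TOKEN_TTL)
        return token

    def verify_token(self, callsign, token, now):
        entry = self._tokens.pop(token, None)  # pop: each token works once
        return entry is not None and entry[0] == callsign and now <= entry[1]

class GameServer:
    """Not trusted by players: it can record whatever a client sends it."""
    def __init__(self, list_server):
        self.list_server = list_server
        self.seen = []  # everything a dishonest operator could keep

    def join_with_token(self, callsign, token, now):
        self.seen.append((callsign, token))
        return self.list_server.verify_token(callsign, token, now)

    def join_with_static_id(self, callsign, install_id, known_ids):
        self.seen.append((callsign, install_id))
        return known_ids.get(callsign) == install_id  # same value every join

def demo():
    ls = ListServer({"alice": "correct horse"})  # constructed account
    gs = GameServer(ls)
    token = ls.issue_token("alice", "correct horse", now=0)
    first = gs.join_with_token("alice", token, now=10)
    replay = gs.join_with_token(*gs.seen[0], now=20)   # recorded token, reused
    late = ls.issue_token("alice", "correct horse", now=0)
    expired = gs.join_with_token("alice", late, now=TOKEN_TTL + 1)
    ids = {"alice": "id-1234"}                         # constructed static ID
    gs.join_with_static_id("alice", "id-1234", ids)
    static_replay = gs.join_with_static_id(*gs.seen[-1], ids)
    return first, replay, expired, static_replay
```

The recorded token is rejected on reuse and after expiry, while the recorded static ID is accepted again, because the only check on it is equality with a value the game server has already seen.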
Beardy
Private First Class
Posts: 50
Joined: Tue Nov 22, 2011 2:33 pm

Re: Unique BZFlag installation ID?

Post by Beardy »

JeffM wrote: Since you are sending the ID to a game server, a game server run by a jerk could simply collect IDs and reuse them.
That's something I did not think about ...

But I think that could be solved by generating a different ID (random value) for each game-server.
JeffM wrote: With the current system the only thing sent to the game server on log in is a temporary token that is then verified with the list server.
And the biggest problem there is, apart from the single point of failure, players being forced to give up their anonymity. If that is not an issue then the problem has already been solved ...
JeffM wrote: I'm not sure what you are trying to prevent?
It's not about prevention, it's about slowing down. Someone who misbehaves can have his ID removed, meaning that he needs to generate another one -- which costs time.
JeffM wrote: it sounds like you are just trying to create an ID for non registered players based on name.
Not based on, but connected to it. It's just there to make the combination unique.
JeffM wrote: If the client can generate random IDs for every name entry then that doesn't make it hard for someone to just make a new name and get a new ID from the client....
Absolutely true. And that new name & ID (random value) combination will get stored, but will not allow access to the actual game until some time after it has been stored. And that causes a slow-down.
JeffM wrote: The point to remember is that you can NEVER trust the client to send you what you expect and must verify all data using known code (code not run on the client).
Again true. And that is why the list/game-server compares the sent combination to a list of stored ones.


There is one drawback I did not realize until later: A person could generate a bunch of names and IDs up front, and use one after the other. Currently I have no idea how to effectively counter that.
blast
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx

Re: Unique BZFlag installation ID?

Post by blast »

All this does is make more work for the developers and does nothing to solve the real problem.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Beardy
Private First Class
Posts: 50
Joined: Tue Nov 22, 2011 2:33 pm

Re: Unique BZFlag installation ID?

Post by Beardy »

blast wrote: and does nothing to solve the real problem.
1) And that real problem is?
I don't think it's mentioned in, or referred to in, this thread. As such I have no idea what you mean here.

2) And the current solutions have solved it how?
As the problem persists I think I can say that other "solutions" you guys came up with have not helped either.

3) Without sacrificing anonymous playing is there any way that the problem can truly be solved?
And that's the bonus question. My suggestion was to keep anonymous play, but make it harder for "the bad guys" to wreak havoc. Not a perfect solution, but maybe a (strong) deterrent.
All this does is make more work for the developers
No, currently keeping an eye out for malversants and ejecting them from games is not a day-to-day job for admins. :-\

I thought that we could truly discuss the merits of my suggestion, but if that is all you guys can say then have it your way.

Bye.
blast
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx

Re: Unique BZFlag installation ID?

Post by blast »

This would NOT slow down the bad guys and would just have a negative effect on everyone else. So now new players can't play for a day? What a great way to kill off the game completely. A player wants to play on a different computer? Oh, they can't, they have to wait a day for their client generated ID to be valid... I don't see ANY positive side to your idea. The bad guys will just pre-generate a lot of IDs, and the people playing legitimately will be unable to play.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

JeffM
Staff Sergeant
Posts: 5196
Joined: Fri Dec 13, 2002 4:11 am

Re: Unique BZFlag installation ID?

Post by JeffM »

The real problem is a way to deal with people that abuse the problems in the game to cause grief for other players.

The proper solution is to fix the game to minimize what people can do to be jerks.