Improvement Idea: Better Security

[Ramblurr]

The Problem

Currently in Far Horizons there is no security mechanisms to prevent a malicious player from spoofing another player. It is rather trivial to send out an email with a forged "From" header. This means a malicious person could potentially submit orders for a player.

This is because the current game engine associates only the email address with a particular species.

Sure, you might say this isn't a big deal, because someone else is unlikely to know enough about a player's position to submit orders that work unless he/she has the turn reports.

This is correct, however I am not worried about a malicious user submitting incorrect production or research orders. Rather, an effective attack would be to send in blank orders or orders with syntax errors right before the deadline. Since only the most recent orders are used, this would override whatever the original orders were. Not good!

Potential Solution

Riffing off PBEM Diplomacy, my idea is to make each player have a password. The player would then have to include this password in every orders submission like so:

Code:

SIGNON Species Name, Password

START COMBAT
; Place combat orders here.

END
... and so on

With this model the Species Name, Password combination would be associated with the position, rather than the email address.

This provides a simple and effective way of guarding against spoofed orders. Of course it is not foolproof, if a malicious user figures out the password, then all is lost, but that goes for any security system that uses a password.

Does anyone have any comments or suggestions?

[paway]

I'm of the opinion that this should be unnecessary.

Any lowlife who would stoop to spoofing orders for their opponent is probably not interested in reviving Play-By-Mail games. However, in the event that my faith in humanity is not justified, I think that there is still no need to add security measures at this point.

If someone does spoof a turn, the turn can be re-run. Once the culprit is discovered, they will surely be ostracized from the PBM community. There is little reward for attempting to do this, and a great deal of risk. Even a sociopath should be able to weigh the pros and cons and decide that not cheating is a better strategy than cheating.

Personally, I would wait for at least a single instance of this behavior occurring before implementing security measures.

[prozenfeld]

I completely agree with the previous post.
Additionally, please note that email used to register / send orders IS NOT publicly available. If you are paranoid about spoofing, simple use another email for in-game diplomacy. Message relay system proposed in the other thread also fixes this vulnerability.

[JonO]

Ram, Of course you should trust your players: trust and verify. You need to implement as much security as possible. Strongly suggest you one-way encrypt the password and send only the encrypted version to your database.

[Ramblurr]

If this was a web game (and it might yet be), I would agree. This proposal specifically dealt with email, which is an unencrypted medium (well, no one has asked for my PGP public key yet...) , so any sort of encryption in the passwords would be vulnerable to a replay attack.

[JonO]

Doh! Read twice, answer once. . .I'll have to remember that.