Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Improvement Idea: Better Security
#1
The Problem

Currently in Far Horizons there is no security mechanisms to prevent a malicious player from spoofing another player. It is rather trivial to send out an email with a forged "From" header. This means a malicious person could potentially submit orders for a player.

This is because the current game engine associates only the email address with a particular species.

Sure, you might say this isn't a big deal, because someone else is unlikely to know enough about a player's position to submit orders that work unless he/she has the turn reports.

This is correct, however I am not worried about a malicious user submitting incorrect production or research orders. Rather, an effective attack would be to send in blank orders or orders with syntax errors right before the deadline. Since only the most recent orders are used, this would override whatever the original orders were. Not good!

Potential Solution

Riffing off PBEM Diplomacy, my idea is to make each player have a password. The player would then have to include this password in every orders submission like so:

Code:
SIGNON Species Name, Password

START COMBAT
; Place combat orders here.

END
... and so on

With this model the Species Name, Password combination would be associated with the position, rather than the email address.

This provides a simple and effective way of guarding against spoofed orders. Of course it is not foolproof, if a malicious user figures out the password, then all is lost, but that goes for any security system that uses a password.

Does anyone have any comments or suggestions?
Reply


Messages In This Thread
Improvement Idea: Better Security - by Ramblurr - 03-18-2011, 09:37 PM
RE: Improvement Idea: Better Security - by JonO - 04-06-2011, 12:29 AM
RE: Improvement Idea: Better Security - by JonO - 04-06-2011, 12:43 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)