Page 5 of 5 FirstFirst ... 345
Results 41 to 48 of 48
  1. #41
    Join Date
    Jun 2010
    Location
    Kitchener, Ontario, Canada
    Posts
    258
    This horse I think has been beat to death already, let the thread die and lets move on to coding the MMO, everyone in the class has been told not to share resources with none class members. I'd rather we use our creative minds to build and solve game issues rather then waste time on this. I myself am eager to see us start designing our game framework once we get to that point.

  2. #42
    Join Date
    Dec 2002
    Location
    Virginia Beach, VA
    Posts
    861
    I don't find Project-A's last post to be beating a dead horse at all. While true that at this stage Jason's, Nelson's and my time is better spent R&Ding core functionality and worry about security when we have have something to protect there is no harm in someone doing some initial research into the topic. In fact it is quite beneficial to the project and it could be helpful for everyone else in the class who endeavor to build there own MMO as well.

  3. #43
    Join Date
    Jul 2006
    Location
    San Diego, CA, USA
    Posts
    897
    I appreciate the topic and am glad Project-A brought it to our attention. While I knew you could reverse engineer .NET code with reflector I sort of assumed Unity obfuscated it for us as a build step. I know differently now which is helpful for future commercial products. I agree with Lee in that he and company shouldn't get too off track with this and continue with the awesome work you're doing. Having this topic started is something we need to consider perhaps not for this MMO since the purpose of this class was clear, but for other endeavors we each might pursue.

  4. #44
    Join Date
    Feb 2011
    Posts
    16
    Project-A's coding: It looks really promising, you are doing a lot of good stuff: )

  5. #45
    Join Date
    Dec 2005
    Location
    Connecticut
    Posts
    626
    Honestly, I couldn't see this turning out any other way. Even if he didn't post directions on how to do it, you guys are still releasing unsecured demos to people on the internet. Just because a bunch of us don't know how to do this stuff doesn't mean you're much safer. People in the class who want to copy and redistribute content you give to us will, in all likelihood, know about these methods all ready.

    As much as it sucks for us legit members, and as much as it sucks for you, I just don't think theres any way you could safely release stuff like this. I'm not sure what exactly obfuscating entails, but I imagine it can be bypassed anyways, and thus not worth the effort since the leakers will probably know how to do that as well. As lame as it is, I understand entirely your decision to not release much stuff like this in the future, and indeed, I figured it would come to this given your policy on the source code.

  6. #46
    Join Date
    Nov 2001
    Location
    Dickson, TN
    Posts
    5,649
    Honestly, why are we still wasting time in this thread? We should be investing our energies into other, more important topics. We will be revisiting security in the future. We will continue to release demos in the very near future as well.

    Buzz

  7. #47
    Join Date
    Jan 2011
    Location
    Blackpool, UK
    Posts
    853
    Might I suggest that anyone with general Unity security concerns discuss them on the Unity board (it's a bit underused at the moment), as this really does only apply to people's personal current Unity projects and not really the MMO at this stage. Also it'll be of benefit to Unity users who aren't actually members of the MMO class or necessarily even member sponsors.

    I'd personally like to learn more about code obfuscation etc but to my mind only as it applies to live things/"projects" (sorry Nelson) I'm actually working on which aren't related to MMO.

  8. #48
    Join Date
    May 2007
    Location
    Minnesota
    Posts
    12
    Quote Originally Posted by DaneC020 View Post
    Well I have to agree with Zak whole heartedly. It is one thing to mention there is a concern and another to tell everyone how to "hack" things. For me that is the most upsetting part about this post since you are essentially bypassing their wishes to keep this as an R&D stage by telling people how to get the code.
    -Dane
    Dane, the OP didn't share anything that many of us didn't already know. I understand Zak's response but also think it is not aligned with the point of the original poster, which was to have a student-involved dialogue about Unity code security (and to make people aware of code security issues if nobody has thought of it before). As students, I'm guessing most of us don't have a lot of daily opportunities or motivation to learn more about code security, but let's be honest about why most of us are here: we all would love to make an MMO of our own. So there is a lot of educational value for our personal projects if we can discuss code stuff that isn't necessarily about the 3D Buzz game, though obviously we want things to be relevant/on track for the point of the forum. I just think that in this case the topic was a very natural one that in no way indicates people are trying to get at the code for the class MMO to misuse anything. Really, it's just that I think anyone considering an indie MMO (a few devs, no "security experts" on staff) would probably want to know about some options for sharing demos and work-in-progress builds safely.

    If anything, it's good to let people know the code in these demos are NOT secure and should under no circumstance be distributed/shared outside of class here. I can easily see some non-coder student sharing something they thought was securely compiled and not realizing they exposed code.

    BTW, I highly recommend Steven Davis's book Protecting Games (a security handbook for game devs). He comes from a government software security background but his passion is game software... it's really excellent stuff and goes way beyond the usual advice about not trusting the client. He is a developer himself, but has also worked on classified CIA software projects so I believe him to be a fantastic "hidden gem" of game security knowledge in the industry.

    The truth is you can't trust anybody's client, the network connection, the server, or the game's design in many situations. If controlling the code on the server was all it took to secure networks, we wouldn't have half the security problems we have in corporate IT. There is a lot you can do in the early game architecture stage that people might not realize, but I think the most surprising idea in his book is that secure online multiplayer games start with secure gameplay design (the non-coder designer's decisions about how things work have an unexpectedly large impact on how easy or futile it will be to secure an online game). The book covers a full spectrum of game security problems to reduce cheating, and some of that applies to obscuring client/distributable code from prying eyes.

    But in general, if you think your distributed code will ever be "secure" from outside eyes... total pipe dream. At least in this class we all want to respect the code and keep it confidential, so really it's a lot safer to distribute code here to this group than it ever will be to release a game client to the public. Also, I think the class can actually learn a ton from the R&D demo code, whereas the people looking for code in your alpha/beta release are more likely looking to hack the game or steal code for personal gain... basically it makes no sense to me to deny the educational value of R&D sharing today knowing 3D Buzz will have to face the inevitability of malicious code trolling and reverse engineering once they hit alpha/beta and release their real commercial game to the wild.

    Quote Originally Posted by darkmobius View Post
    Might I suggest that anyone with general Unity security concerns discuss them on the Unity board (it's a bit underused at the moment), as this really does only apply to people's personal current Unity projects and not really the MMO at this stage. Also it'll be of benefit to Unity users who aren't actually members of the MMO class or necessarily even member sponsors.

    I'd personally like to learn more about code obfuscation etc but to my mind only as it applies to live things/"projects" (sorry Nelson) I'm actually working on which aren't related to MMO.
    Agree, would be a good topic on Unity forum. I just also think it is relevant to sharing work-in-progress code as well. Also, much of good security design starts with the game design phase-- it's not stuff that gets retrofitted later in a best case scenario. I agree it doesn't fit well here if the 3D Buzz team doesn't want it here though. Their house, their rules!
    Last edited by fatgav; 03-22-2011 at 01:07 PM. Reason: double post

Page 5 of 5 FirstFirst ... 345

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •