|
Rocketman Raymaker
Registered User
Join date: 4 Feb 2007
Posts: 530
|
06-27-2007 05:54
hi there, i have been working on some games and a vendor and am about ready to start selling them. The money methods are all contained in the parent prim inside a single script however i was reading this thread here /54/70/191274/1.htmlso now now im thinking maybe i am not almost ready. My questions is do i need to use encryption for the games i have created and the vendor i will be selling them in? when i look at all the vendor and gaming scripts people have posted i never see any encryption code so this is why im not sure and, how do i write this encryption into my game? i dont know really know much about it and have know idea where to begin writing this code
_____________________
"Proud member of the anti-ginko busy body committee"
|
|
Milambus Oh
Registered User
Join date: 6 Apr 2007
Posts: 224
|
06-27-2007 06:06
You only need encryption if you are communicating with another script or object. If all of your code is handled within one script, then you should be fine without encrypting anything.
|
|
Lyn Mimistrobell
(waiting)
Join date: 11 Jan 2007
Posts: 179
|
06-27-2007 07:22
Even (or: especially) communication inside 1 object (like llMessageLinked) should be encrypted if intercepting them poses a threat.
A good approach is to look at your script as if it wasn't yours. Imagine you found an object somewhere with your script in it, and you know the channels it uses to communicate. Would you be able to abuse those channels to steal money? If so: You need to modify your script and either add encryption or use another way of communicating (or don't communicate at all).
No communication is safer than encrypted communication (like a computer not connected to any other machine is safer than a computer connected thru a VPN).
Lyn
|
|
Rocketman Raymaker
Registered User
Join date: 4 Feb 2007
Posts: 530
|
06-27-2007 07:46
ok, thanks for the replys i think i understand.
My objects do use linked messages in order to play the game or display cards etc but only the parent ever handles anything to do with money. So if i have read correctly i do not need to use encryption in this case but if i were sending payments between 2 object (etc vendor and server) i would need encryption.
Have i understood correctly?
THanks so much for the help, i just found an encryption script in the forums and it looks like it will take a while to study and understand it, so hopefully i wont need this for my initial projects but i will start to study it for future projects.
_____________________
"Proud member of the anti-ginko busy body committee"
|
|
Lila Pixie
Registered User
Join date: 7 Jun 2006
Posts: 20
|
06-27-2007 09:29
If you are using linked messages, then you need to consider the possibility of spoofing messages. For example, can a foreign script send authentic looking link messages to your parent prim, causing your script to do things?
|
|
Jake Trenchard
Registered User
Join date: 31 May 2007
Posts: 104
|
06-27-2007 10:05
Suppose you have a parent prim that handles the payments in and out.
And you have child prims that do different parts of your game.
And one of those child prims can send a message that means 'The player has won' that is used to decide that the player deserves a payout.
You need to be absolutely sure that that 'player has won' message cannot be spoofed. Encryption is a good way.
Similarly for -any- information that is ever used in the payout decisions. You need to set it up so you can trust the inputs that are used to decide what to do.
|
|
Domino Marama
Domino Designs
Join date: 22 Sep 2006
Posts: 1,126
|
06-27-2007 11:31
Authentication rather than encryption is another way to handle it. 1) Authenticate the object and scripts by checking creator, prim count etc. This isn't 100% but will help deter casual crackers. 2) Authenticate the messages http://en.wikipedia.org/wiki/Message_authentication_codeAdding a unique message number (eg timestamp) before calculating the mac to avoid replay attacks is wise there. |