14 Feb 12, 08:30PM
(14 Feb 12, 07:35PM)tempest Wrote:(14 Feb 12, 06:49PM)Zarj Wrote: Firstly, it would be easy to have the client send their MAC address to the server. The issue with this is that MAC addresses are easy to spoof, and so that's barely a level of security.Yeah, but that's merely a way to get a "unique" ID, nothing else. It can still be modified quite easily, plus many network cards and OSs actually let you change the MAC address.
Yes, that is exactly what I said... :p
(14 Feb 12, 07:35PM)tempest Wrote:(14 Feb 12, 06:49PM)Zarj Wrote: Secondly, Unique IDs would be a reliable option, even with an open source game. Here's how:Wait, do you notice a pattern here? What was the problem we were trying to solve, again?
[...]
The only issue with this system is finding a way to stop people from getting a new ID: meaning if some hacker asks for a new ID, the system should be able to do an IP check or something similar to keep them from getting one.
This whole "unique ID" business simply won't work reliably until you make sure that each player can get only one ID. For commercial games, this is fairly easy, because getting a new ID means you'd have to buy the game again (although nothing stops you from doing that). It's even easier for systems like Steam, because AFAIK if you get caught cheating with a certain Steam account, the IDs for all VAC-secured games associated to that account get blacklisted.
For an open-source game, I doubt this problem can be solved reliably.
This is a little different from just a straight up IP ban, and would allow more control over who gets an ID. For instance, problem ranges (like the 188 and 189 ranges) could require manual activation of the ID. I'm sure we could find 15-20 community members who would be willing to do stuff to check this.