ID:151570
 
I want to know if it is plausible to allow free hosting by anyone on your game with shared savefiles and not expect people to hack them?

My logic here: I want to have shared savefiles across servers and not have dedicated servers, but it seems that any 'defense' I put in place would be counteracted with relative ease.


So: Is there a way to make this possible? Or are dedicated servers the only even moderately safe way.


The only two ways I can think of sharing savefiles being possible is a central MySQL server and storing the files locally. Are there any other possibilities here?
MD5 it. If the entire file doesn't match the MD5 checksum, it's been edited. Don't load it. Cheating is still possible, but not as likely.
http://www.byond.com/developer/Garthor/SafeSave will keep people from tampering with the savefiles.

However, if it's running locally then people are still going to be able to do memory editing and such, so the savefile being uneditable is a bit of a moot point. It's a slightly higher barrier to entry, but not insurmountable.

I suppose you could more or less beat the savefile editing by having every single variable have some other variable which checks it. But that would require routing everything through setter functions, which would be a major pain.r
In response to Garthor
Garthor wrote:
http://www.byond.com/developer/Garthor/SafeSave will keep people from tampering with the savefiles.

However, if it's running locally then people are still going to be able to do memory editing and such, so the savefile being uneditable is a bit of a moot point. It's a slightly higher barrier to entry, but not insurmountable.

I suppose you could more or less beat the savefile editing by having every single variable have some other variable which checks it. But that would require routing everything through setter functions, which would be a major pain.r

Yea... Memory editing can be fought to a small degree. But that will only stop the least resourceful people.

Wouldn't be that big of a pain. But still beatable.

In regards to SafeSave, couldn't people use memory editors to see the full salt and therefore recreate the MD5?
In response to Ter13
Ter13 wrote:
MD5 it. If the entire file doesn't match the MD5 checksum, it's been edited. Don't load it. Cheating is still possible, but not as likely.

Garthor noted this, and my question is: Can't someone use a memory editor to see the values and the order they are being hashed and then recreated?
In response to AJX
No, only the values are stored in memory, not how they're being used.
In response to AJX
[link]

Though actually I'm not sure what happens when you have a text string set to "[hub_password]". Hmm...

Looking at my code again, I don't THINK it's be a major issue here, as the text string should either exist on the stack in this case, or go out of scope and be garbage-collected immediately.