ID:294096
 
Hello, I don't normally post, but I would like to know how hackable is a BYOND game if the players only have access to the client files and not the host files? Are variables accessible in any other way apart from what is scripted into my games, let's say can a person use a 3rd party program to gain access? This is a major issue I need to find information on, for my next game is to blow the community away....if done right....not that my other games didn't leave some impact when I was hosting them for fun.

And just one more question, if I want a high amount of security, what would be the best way to do this whilst keeping everything smooth running?

Please understand I do not wish to give any more details on my future 'plan' for my next game, I just know you will love it.

But I really need this information, thanks everyone.
Zelldot wrote:
client files and not the host files

Could you define what you refer to when you're talking about 'client files' here?


Zelldot wrote:
are variables accessible in any other way apart from what is scripted into my games, let's say can a person use a 3rd party program to gain access?

That would depend on how you define 'accessible'. A developer has to ensure that any input received is checked and validated. If done properly, you should be on the safe side.
In response to Schnitzelnagler
When I say client files I mean in the terms of a server, I would be the 'host' thus having the 'host' files, and every player that connects to me would have the 'client' or 'compiled' files. (I program a range of languages so my wording ain't 100% BYOND talk n.n)

Do you think BYOND is safe enough to have a real cash economy if coded correctly?

And damn ya quick on responses.... I like that, do you work for BYOND?
In response to Zelldot
I understand the determination between client and host/server as a general concept. What I do not understand is what you're referring to by 'compiled files'.
If you're not used to BYOND, then you might struggle on its concept, like I did when I first tried to work into understanding the language.
There is no soft-coded client-server concept on BYOND, but it is entirely hard-coded.

As for a detailed security analysis, you'd have to ask Tom or Lummox JR, as I do not have access to the source code and thus can't judge it, but so far I have not come across a single incident where the BYOND backend was to blame instead of the developer working with it.

My response time is actually rather varying, depending on my on-line time, but usually less than 12 hours and no, I do not work for BYOND nor am I affiliated in any way. I am a simple volunteer.
In response to Schnitzelnagler
And you are good at what you do, thanks for the aid so far, I have been a coder on BYOND for ages, I know the code like I know HTML, and everyone knows how easy that is n.n.

If this does go as well as I plan it to, I plan to set up something to help the makers of BYOND as well, but I need to be 100% sure, because this will be real money flowing through my game, to deposit and withdraw, I have already worked out the mathematical coding.

Now you can see my concern with security is paramount
In response to Zelldot
I wouldn't exactly claim that handling proper modular programming in an object-oriented language and providing readable source code is exactly easy, or comparable to HTML.
Most people underestimate the task because it is blazing simple to create some bare bone graphical multi-player project with BYOND, the conclusion of taking everything for granted and simple is a tempting one.

It is certainly nice that you're intending to help BYOND and I hope your project succeeds, but as I mentioned, I cannot provide you with more information than I have. Lummox JR/Tom are the ones you want to talk to, though I'd guess you'll have to handle a lot (thousands of dollars per month) of money to make it worthwhile for a malicious user to intend and break the security. Even in such a case it is usually easier to just attack the server itself.
In response to Schnitzelnagler
Can anyone else provide me more information?
In response to Zelldot
As I mentioned Lummox JR/Tom are likely your best bet on the topic.

Though I have the feeling that you might just want to give such a project a try first. It is highly likely that you find it less easy to generate multiple thousand dollar revenue than you'd imagine.