ID:133970
 
I thought up an idea to allow developers to control who can host by checking the game at start up or when the game begins to host before its posted on the hub its checked to see if the key is allowed to host. So if a host goes rouge the creator could remove there key name from a list and the world would close stopping them from hosting and discussions on the forums on how to bring back power to the developer.

You could also make this a byond member only feature.

Thoughts?
Well with some coding you can already do that, but I like a option that could have that maybe in the hub itself you can add a list of keys that can host.
See [link] and [link]. You, as the developer, do not control what the hosts do.

Even if BYOND were to implement such a system, the host could easily bypass it. Duh!

-- Data
In response to Signaki Corp
Signaki Corp wrote:
but I like a option that could have that maybe in the hub itself you can add a list of keys that can host.

Thats exactly what i meant.

Maybe the developer could also add a few lines of code if that if the world can't communicate with the hub then it closes it self down.
In response to Yorae
Yorae wrote:
Maybe the developer could also add a few lines of code if that if the world can't communicate with the hub then it closes it self down.

all of this stuff can already be done through DM coding
my game checks my website to verify the version is up to date, then it loads up the sub list
it would be easy to add a host list of keys/ips or a list of people who are banned from hosting
either way all of this stuff can already be done pretty easily through DM

if you only want a limited number of people hosting, easiest thing to do would be to upload a list of keys that are allowed to host, and then check it in the game. using the export proc

as it is now, you have to have a valid subscription to stray games to host my games o.O a couple of em at least
sounds like pretty much the same thing youre wanting
In response to Android Data
Android Data wrote:
See [link] and [link]. You, as the developer, do not control what the hosts do.

Nope, but its perfectly possible to close the game down if you don't like the way they're doing things. No real reason to do this unless you're hosting a persistent world and the host is just the person who's server the world is running on. If that's the case, though, its simple enough to code in remote commands to let you control the server and determine how much in-game influence the host has. Of course, the host can always stop hosting if they don't like what you do, so there has to be some mutual respect there. :P

For games outside the persistent world setup, there's really no point in trying to control the host.
In response to Foomer
lol i disagree with pretty much everything u said in that post foomer
In response to Foomer
Foomer wrote:
Nope, but its perfectly possible to close the game down if you don't like the way they're doing things.

No, because the host can override you try to do. The host can block remote commands being sent by blocking the IP they're sent from. The host can continue hosting if your website/hub authentication failed by faking the authentication attempt. There is no fool-proof way to block the host, and trying to get BYOND involved will just lead to hosts attempting to block/bypass the BYOND hub in order to host.

You already have hub_password. Nothing else is required. If you lose players to your abusive host, you should look at yourself and the host you have now and determine why players move to the aformentioned host.

-- Data
In response to Falacy
But you have to remember, not many people do have a website, "So there are free ones" Yes I understand that, but alot of people rather just stay to byond and not branch out. A box in the byond hub for your game that you can add keys to would be easier than writing 4-6 lines of code for it check, and loop to check again. It becomes, a strain on any huge game. For the question type person, "What if the website goes down" well sorry if your game cannot find that txt or whatever for awhile nobody can host.

Okay I know there are people going to say that WEBSITES NEVER GO DOWN. Bull even byond drops time to time.
In response to Signaki Corp
Signaki Corp wrote:
A box in the byond hub for your game that you can add keys to would be easier than writing 4-6 lines of code for it check, and loop to check again.

Sure, it would be easier, but it wouldn't make BYOND look good: they'd be approving of security by obscurity.

For the question type person, "What if the website goes down" well sorry if your game cannot find that txt or whatever for awhile nobody can host.

Actually, the host can simply bypass this alltoghether. All the host needs to do is fool your game into thinking it's been authenticated.

Since the host has full access to his computer, s/he can do this. Your entire system falls apart if all the host needs to do is capture & send a few packets on his own PC.

As I said, it's security by obscurity because you're in the mistaken illusion that you're safe, while in reality a host who is even slightly bright may be able to avoid your anti-host system.

Take a basic world.Export("http://mysite.com/mytxt.txt") which reads the .txt file if it's OK to host. To bypass this, all the host needs to do is the following:

1. Goto "http://mysite.com/mytxt.txt". If they don't know the URL they can use a memory reader to get the URL from the game.
2. Make their own "mytxt.txt" file with the same contents as yours.
3. Get a webserver and put "mytxt.txt" in there.
4. Edit %WINDIR%\system32\drivers\etc\hosts to reroute mysite.com -> 127.0.0.1

The next time they boot up your game, it'll connect to the hosts' own webserver with his own .txt file. You will no longer have influence on the host.

If you use a direct IP address, the host can still use a firewall to reroute traffic going to that IP address back to his own PC. And if the BYOND Hub authenticates the host, a packet sender/receiver application may be used to spoof the packets that cause your game to be approved.

And you could say that the host should be prevented from doing those things, that the host shouldn't be able to even try to bypass it, but you're forgetting one fact here that not even BYOND Staff can change: the hosts' computer is the hosts' computer is the hosts' computer, except for spyware/adware-type programs.

-- Data
In response to Android Data
How do you get past [link]?
In response to Falacy
Falacy wrote:
lol i disagree with pretty much everything u said in that post foomer

Thanks for elaborating. I disagree with everything YOU just said, too!
In response to Foomer
Foomer wrote:
How do you get past [link]?

Using the same instructions as before.

1. Edit %WINNT%\system32\drivers\etc\hosts and add a line that says "127.0.0.1 files.byondhome.com".
2. Download a webserver application (like Apache web server) and install it.
3. In the "htdocs" directory, make a directory called "Foomer".
4. Make a file called "Access.txt" and fill in your BYOND key.
5. Put the "Access.txt" file in the "Foomer" folder.
6. Run the game.

Upon clicking TestAccess, the game will respond that it has granted you access (assuming the DNS cache has updated and files.byondhome.com is now resolving properly).

Note that this method will prevent you from downloading BYOND Members' files until you edit out the line in the hosts file. And even when you edited out the line, it will take some time for the DNS cache to resolve files.byondhome.com to the proper IP.

-- Data
In response to Android Data
Well is there a way to determine which file at which location is being checked for access?

(Its easy to get that information with the source code in front of you, but what if you don't have it?)
Yorae wrote:
I thought up an idea to allow developers to control who can host by checking the game at start up or when the game begins to host before its posted on the hub its checked to see if the key is allowed to host. So if a host goes rouge the creator could remove there key name from a list and the world would close stopping them from hosting and discussions on the forums on how to bring back power to the developer.

You could also make this a byond member only feature.

Thoughts?

var/numofplayers=0
client/New()
{
numofplayers++;
var/list/FolksWhoCanHost = list("Rockinawsome", "Crispy", "Kunark"); //for example
if(!FolksWhoCanHost.Find(src.key)&&numofplayers==1)
{
world.shutdown() //I'm away from a comp with byond on it, look up the right proc
}
}


It's uncompiled/untested code, but you get the idea. Now if someone hosts with DreamDaemon they'll think they're getting around this, but the moment someone logs on it closes the world anyway.
In response to Android Data
Although I agree with the majority of your reasoning, I couldn't help but thinking there might be a gray area.

Supposing your host authentication system was designed around byond's built-in subscription system, a system which is often used to allow developers to grant extra benefits from some sort of payment. Firstly, any host attempting to block out such a system could invariably disable portions of the game itself, making the outcome self-defeating. Concluding another possibility, the host finds an exploit to fool byond into verifying him as a passport subscriber and therefore causing the system to allow him access - such a result would indicate a problem with the passport system itself and therefore creates a vulnerability to anyone using passport at all; Byond is forced to either disable passport or fix the problem, once more sealing the original exploit and leaving your auth system secure. It's only real weakness would be if they gained access to your accounts.
Of course I don't know much about the inner workings of byond's protocol and how well such a system would work beyond the theory of it, but it seems like a worthy solution.
In response to Foomer
Make a remote world that can shut down any world via world.Topic().
In response to Khalamari
Khalamari wrote:
Make a remote world that can shut down any world via world.Topic().

1. Get a firewall application like ZoneAlarm.
2. Blacklist the IP of the remote world.

The remote world can no longer send signals to your server, and thus it cannot be remotely shutdown.

-- Data
In response to Android Data
Or make a code that always has to find that IP, and constantly loops for it, and if ever blocked by firewall, or ip ban in game itself will shut down the game. Put that into another code that has a remote shut down.
In response to Android Data
Obviously you're enjoying this, but fact is 90% of the BYOND population won't be able to do that even after you've told them exactly what to do. Nevermind packet spoofing and memory reading.
Not to mention redirects/blocks are extremely easy to cover for in coding...
Page: 1 2