Instead of loading the owner from a savefile, you could code it into the game. I don't know how you're handling it, but a simple global owner variable set to your key would probably work. Then just check if the global owner matches the key and assign ownership like you normally do. You could also look into encrypting the savefile, but that's a little more involved.

Then encryption would probably be your best solution. You can use either AirMapster's RC5Preview, and/or PiF's EncryptedSave library.

http://www.byond.com/members/ DreamMakers?command=search&text=rc5preview&type=resources

Rayquaza1903 wrote:

I contacted byond about a bad host and what I should do and they told me this:

if you change the hub password and release a new version that doesn't allow a modified savefile to grant owner status, most of the issue will go away. There is no way to 100% stop abuse by a host, but changing the hub password will keep his version of the game from showing up on the hub.

I don't know how I am supposed to release a new version that doesn't allow a modified save file to grant owner status. They told me to put this under here.

In addition to the other comments about encryption and savefile protection in this thread, this is one of those matters that will always be a never-ending battle, and it's something that you will never succeed in "winning" at, but you can most certainly make screwing with your game a spectacular pain in the ass.

The simple fact of the matter is that you're distributing these files to the general public, and it's their prerogative to abuse every single bug and find every last security exploit because, let's face it, the end user is both your target audience and arch nemesis.

You can't trust a single byte of data that flows into your program because there's infinite possibility for skew, whether by entering letters into a field designated for numerics, to more sophisticated matters like memory editing. Things like hierarchical structure designated by the person who rightfully belongs doing so is one of the several areas you shouldn't skimp on, and the most basic things you can do is to never save verbs to, or load verbs from, a savefile, or ever employ something so ridiculously simple as a boolean variable that determines the "owner" at runtime, unless it's part of a clever sham (I like employing one to make people ban themselves, personally).

Another thing all developers should consider is a method of forcefully updating old servers. The largest problem with crippling bugs (or security holes like this one) is that everyone knows which version it exists in, and without a method programmed by the developer to shut down old and abused versions with minimal margin for failure, things like this will continue to be a big problem.

I'm on your side man -- game owner > host -- and I'm just giving you some food for thought.