Module improving security
Posted: Mon May 31, 2010 3:42 am
Hi,
I'm developing at the University a module to improve security in online games (the implementation is based on W:ET).
The server-side is partly done - it's working as a proxy between ET engine and ET mod (like ETPro). Currently it supports clients groups (levels of privileges), assigning to them access to server commands (with inheritance) and banning by networks' addresses with CIDR.
I would base client authentication and authorization on GnuPG (or SSL) - as GUIDs can be changed and cheater could easily gain access to server.
The problem is emerging: needs of client-side to handle authentication of an admin/player. The client can be cheated by dishonest server admin, forcing him (the client) to download a faked module, which could steal the key and log the passphrase typed by the player.
Does someone have any ideas how to prevent this?
Thanks in advance for any hints.
I'm developing at the University a module to improve security in online games (the implementation is based on W:ET).
The server-side is partly done - it's working as a proxy between ET engine and ET mod (like ETPro). Currently it supports clients groups (levels of privileges), assigning to them access to server commands (with inheritance) and banning by networks' addresses with CIDR.
I would base client authentication and authorization on GnuPG (or SSL) - as GUIDs can be changed and cheater could easily gain access to server.
The problem is emerging: needs of client-side to handle authentication of an admin/player. The client can be cheated by dishonest server admin, forcing him (the client) to download a faked module, which could steal the key and log the passphrase typed by the player.
Does someone have any ideas how to prevent this?
Thanks in advance for any hints.