Complete.Org: Mailing Lists: Archives: freeciv-dev: December 2001:
[Freeciv-Dev] Re: Development Strategies [Was Documentation,Usability an 		Home

[Freeciv-Dev] Re: Development Strategies [Was Documentation,Usability an

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Reinier Post <rp@xxxxxxxxxx>
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Development Strategies [Was Documentation,Usability and Development]
From: Kevin Brown <kevin@xxxxxxxxxxxxxx>
Date: Sun, 9 Dec 2001 15:41:40 -0800 
Reinier Post <rp@xxxxxxxxxx> wrote:
> On Sun, Dec 09, 2001 at 02:40:40PM -0800, Kevin Brown wrote:
> 
> > My question is: with respect to limiting what the scripting language
> > that would be used on the server can do, why do we care?
> 
> You don't want anyone to be able to change the rules of the game without
> anyone else knowing.  A scripting language that enables the user to
> set his money to 10000 is too powerful.
> 
> > I mean, this is the *server* we're talking about here.  If someone
> > decides to run a server that includes units that favor one player over
> > another (as an example), that server will become unpopular very
> > quickly.  Problem solved.
> 
> No, it won't.  What about a script that makes all units of player Foo
> 50% harder to beat 50% of the time?  You don't want to allow rules like
> that (not in a ruleset, either).

Perhaps, but the language is just a tool that can be used for good or
"evil" and the power of the language will affect the abilities of both
equally.  So you can reduce the power of the language and make it
impossible for, e.g., the unit to set the user's money at 10000 (or,
more appropriately, add 10000 to the player's bank), but now you've
made it impossible to build a "gold miner" unit, as an example.

And in any case, the more subtle the cheat, the less effective it is.
People will stop playing on a server if they notice that player X ends
up winning a lot more often than they should and doesn't seem to be
significantly better in his strategy or tactics than the rest of the
players.


> > What I'm getting at is that it DOESN'T MATTER if people egregiously
> > hack on the unit code, because they can't submit it remotely to the
> > server anyway -- they have to actually be in control of the server,
> > and if that's already the case then no amount of protection in the
> > scripting language is going to help.
> 
> True, you need to trust the server owner.  I think we were discussing
> scripts or ruleset changes set in the server, but specified at the
> client end.

Yech.  Why would you even *contemplate* such a thing?  If players want
to add units to the game they can do so by sending the appropriate
code to the server maintainer and have *him* do the work.  It's his
server, after all.  If you implement such a capability, it should be
subject to the trust rules that are in place for general control over
the server anyway.  In short, to upload such a script, you should have
administration rights on the server process.  Then it becomes a matter
of trust as usual and you don't have to worry about putting in all
sorts of crazy limitations into the scripting language.

If you have to make it possible for any client to upload server-side
code, then such code should be reviewable by all players (this might
be useful to have even if only "administrators" can upload such code).
But in the end, I think that the ability of clients to upload code to
the server is much more trouble than its worth except perhaps when
given only to those who have administrator rights on the server.



-- 
Kevin Brown                                           kevin@xxxxxxxxxxxxxx

    It's really hard to define what "unexpected behavior" means when you're
                       talking about Windows.
[Prev in Thread] Current Thread [Next in Thread]