Home > Articles

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend

Recognizing Vulnerability

The point of this exercise is to demonstrate the fallacies that most programmers accept about score list protections. The following table outlines why most score lists are vulnerable.

If the client has full control over...

Then...

Game file

The game can't be trusted.

Network traffic

The scoring data can't be trusted.

Domain name requests

Domain names can't be trusted.

In other words, the client cannot be trusted. The programmer can either attempt to create a game that forces a client to operate within a very strict box, or program the game in such a way that all the logic of the game is controlled on the server.

We've shown the types of attacks to which score lists are subject and demonstrated how those attacks could be implemented. The point is to understand the threats associated with leaving your score list wide open to attack. If only a score was at risk, well...that could be overlooked. But when a score list becomes a tool for attack, you have a real problem, as we'll discuss in part 2 of this series.

  • + Share This
  • 🔖 Save To Your Account