It's very difficult to summarize this change in a single sentence, so the title is kind of garbage.
Basically, while working on a PR for cratetorrent, I remembered that, as a way of uniquely identifying users, the torrent tracker protocol has each user send a random u32 to identify themselves. Then, when they want to send more information, they just send said u32 alongside that information.
Basically, what I'm trying to say is that when a player connects to a server, they generate a random large integer (u16 or u32, u64 is overkill), and whenever they send a message, they send that integer along with their message. For example, when a player wants to move, they would send:
Player ID Coords + Rotation + *identifying integer*
From now on, I'm going to call the identifying integer a key
Why?
Currently, it's ridiculously easy for a player to "hack" another player. All someone connected to a server needs to do is just change their player ID (through some manual code editing or by making a custom hack client), and then they can move other players, make them shoot, and all sorts of garbage stuff. Obviously, that sucks, and the key could be an easy way of preventing that. Every time a player wants to do any action (that involves the game, not stuff like downloading maps), they send their key, and then the server registers that key alongside their player ID. If a malicious player than tries to do something like a location hack, they would have a 1 in 2^32 (probably less than the chance of being struck by lightning in your lifetime) chance of guessing. If they guess incorrectly (if the server receives a location command and the key is incorrect), the malicious player instantly gets kicked or banned, since it should be impossibly to accidentally send the wrong key without a mistake in the code (which is impossible).
It's very difficult to summarize this change in a single sentence, so the title is kind of garbage.
Basically, while working on a PR for cratetorrent, I remembered that, as a way of uniquely identifying users, the torrent tracker protocol has each user send a random u32 to identify themselves. Then, when they want to send more information, they just send said u32 alongside that information.
Basically, what I'm trying to say is that when a player connects to a server, they generate a random large integer (u16 or u32, u64 is overkill), and whenever they send a message, they send that integer along with their message. For example, when a player wants to move, they would send:
Player ID Coords + Rotation + *identifying integer*From now on, I'm going to call the identifying integer a key
Why? Currently, it's ridiculously easy for a player to "hack" another player. All someone connected to a server needs to do is just change their player ID (through some manual code editing or by making a custom hack client), and then they can move other players, make them shoot, and all sorts of garbage stuff. Obviously, that sucks, and the key could be an easy way of preventing that. Every time a player wants to do any action (that involves the game, not stuff like downloading maps), they send their key, and then the server registers that key alongside their player ID. If a malicious player than tries to do something like a location hack, they would have a 1 in 2^32 (probably less than the chance of being struck by lightning in your lifetime) chance of guessing. If they guess incorrectly (if the server receives a location command and the key is incorrect), the malicious player instantly gets kicked or banned, since it should be impossibly to accidentally send the wrong key without a mistake in the code (which is impossible).