Multiplayer Authentication (How To Avoid Griefers?)

[crazy2be]

How would players connect to a server? What information would they need to provide? A username/password? What would be done to prevent griefers (players who simply destroy other player's stuff for their enjoyment)?

There's a couple options I can think of:

• Centralized authentication system for usernames and passwords
  • Someone sets up an authentication server, and keeps track of usernames as well as their respective password hashes.
  • People register usernames (we should include a fee here), and are then given the ability to login to any server which is open to the "public".
  • If they do something bad, the server admin bans them, and they can't login again with the same username until the admin lets them back on.
  • If they wish to login and grief the same server again, they will have to purchase another username. This way, we could profit off such destructive behavior (although money becomes a contentious issue with open source projects sometimes).
  • To prevent such users from going and attacking other servers, we could have a "karma" associated with each account, and give server admins the ability to set a "karma threshold". Players could gain karma by playing the game without getting kicked, by getting awarded it by other players, or by slowly gaining it back over time. Users would start with 0 karma.
• Passwords per-server if the server admin has issues with griefing
  • Could be combined with the above, offering both as lines of defense against griefing. This is the approach taken by most networked games, as it requires no central server. However, it does not allow admins to set up a "public" server and still feel safe that they will not get attacked by griefers.

[fabianschuiki]

Maybe we could use a combination of both approaches? I'd favor a centralized authentication system:

• E-Mail address and password to login.
• Separate username just for representation inside the network.
• This would allow to maintain a centralized user server, possibly storing things like achievements, score etc.. Maybe on the main OpenSkyscraper server (I could host that, conditions in Switzerland aren't too bad and I'd be glad to support the project by providing the required webspace and domain name)?
• I'm against charging a fee for the basic user account, as this is an open source project. I think requiring a valid E-Mail address for login and possibly keeping track of the user IPs should suffice for preventing destructive actions for starters. But the possibility to create semi-closed servers that require a paid account and guarantee «grieferlessness» is pretty attractive.
• Maybe we could overcome the griefers issue by designing the multiplayer gameplay in a way that there is not much to be destroyed by dishonest players?

I admit I'm absolutely new to the field of multiplayer game development, so feel free to correct me and point me at the right directions, I'm glad to learn this stuff :).

[crazy2be]

We could also have a "unsecure" mode for the server, where it doesn't verify usernames. This is similar to how minecraft does things.

• Email addresses are disposable, seem mailinator.com for an extreme example.
• I am undecided on whether charging a fee would be a bad thing: You could still play single player and on servers that did not require verification without one. The fee would cover the web hosting, and developers have to eat. Ultimately, the fee would allow developers to spend more time on the project. However, the issue is that a) it might discourage other people from getting involved, or b) it could cause internal fights and struggles within the project that open source works so diligently to avoid. Whoever controls the server gets control of the money, so fights over this are very possible. Decisions would have to be made early on as to where this money goes, who controls it, when it is allocated, etc.
• Dishonest players will find a way, especially if you have lots of younger children/teenagers playing your game.

All in all, it's a tricky issue. However, this is no small project, and money certainly provides people with significant motivation for getting things done :P.