View Single Post
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 4
04-26-2011, 05:27 AM
Ok those are fair points,

However you may have overlooked mine :-), though perhaps I was not clear, and I am sorry I never explained why and how this "could" work, and its security aspects.

I propose that only a config file is uploaded, this config instructs the online foundry on how to recreate the mission based on your instructions, but using the game files stored on the cryptic server, any exploit and hack you create on your home PC cannot be recreated on the live server as it only exists on your home PC.

If the config file you submit does not meet the “Starfleet regulations” then it fails to upload - were only going to upload values - not actual game files.

For added protection to the config file itself, protect with an AES 256bit encrypted public key (will need the private to read it – which they wont have), the key should then becomes corrupt if the config file structure changes radically from the expected.

So then once its uploaded it wont be readable anyway even with the private key. (which only cryptic should ever have, if the private key gets out all hell breaks loose!!)

This should deter any hacker from attempting to break open the config file, doing so won’t achieve much, maybe the possibility to reverse engineer the file corruption mechanism, but if they manage to do so with AES 256bit, then they are not the normal hackers and should be on a wanted list or working for MI5,.

In security, deterrence is better then prevention.

Im pretty sure that this will stop hackers and modders even if they can reverse engineers the corruption mechanism, because you are taking away from them the ability to hack and mod using custom files.

Remember, the only thing that gets uploaded will be a config file, I’m sure all uploads will go through many security checks as usual before implementation, there are hundreds of security products out there that scan for all kinds of non conforming malicious file.

The only difficult thing about this process is modifying the foundry to read and build a missions form a set of instructions in the form of a config file that won't scope any infomation other then what can be created in the current foundry.

But won’t the potential sales revenue be worth it? That is what I am asking.

I hope this clarifies things a little bit.