DarkFall : Closing security gaps

A new article about last week’s revelation of security flaws in the Darkfall code that had been given over when Ub3rGames obtained licensing for its version of the game was recently published. The article begins with debunking a few misconceptions about the security issues and then goes into a comprehensive look at how the development team will be working to ensure players have a secure environment in which to play.

  • In the short term, our work in progress:
    • Deliver a different client for users, with none of the code from GM/Admin commands.
    • Prevent an outdated/altered client from connecting to the server.
    • Encrypt critical network exchanges between client and servers.
    • Invest in a new server infrastructure dedicated for hacking weeks, to not impact InDev play time at all.
  • In the medium term:
    • Completely change the archive format to invalidate all current knowledge.
    • Switch to block chain encryption, and other fancy tricks.
    • Lay a minefield of annoyance that will drive hackers-for-hire away to other games.
  • In the long term:
    • Move as much authority as possible to the server-side.
    • Only send relevant data client-side.
    • Over time, convert all of the Java to C++.

For more information, please click here.