What technologies would you recommend for secure c

2019-07-17 20:47发布

问题:

I've got a big project ahead of me, basically it's going to be a online, kind of hazard game, something like poker. My problem is, that I'm not really sure what would be the best way to approach the client side.

Because the game will involve real money, security is going to be a big issue. For the server side, I don't think it will make a lot of difference what I choose, since all the communication will be encrypted, but I'm more worried about the client.

From my experience working with Java, there are quite a few decompilers, and bytecode probably isn't that hard to crack (am I wrong here).

Since the game will require some 2d graphics, I'd like to work with a technology that makes GUI development at least a little bit smooth.

My other thought was about Flash, but since I haven't seen many online casinos use Flash, it might be a little bit more vulnerable than Java/.NET?

What I'm trying to ask here is, what technology would you recommend to develop a very secure, client side GUI application with some fancy 2d graphics?

回答1:

In my opinion, there is no such thing as a secure client. No matter what you do, someone will decompile/reverse engineer it-- especially when there is real money involved. If I were you, I'd concentrate on making the server secure. Assume every client is hacked and will do anything and everything it can to cheat.

So given that the clients can and will be hacked, I have no opinion on the client software. Choose whatever you want. Maybe use an obfuscator to slow them down-- but this can make it a pain when debugging client issues.

I do have an opinion about installation. It's much, much easier if there is nothing to install, i.e. the game runs entirely on a web site.



回答2:

The short answer and this is my opinion, is that there is no technology out there that exists to do what you want. Now there are technologies which increase the difficulty of understanding the client side application. For example Java and .Net are very easy to look at. ByteCode and IL are not secure in any way shape or form. You can add obfuscation to them to raise the bar so to say....but that is still not secure. You could even go to a full blown compiled application but that is still crackable. So long as the computer is able to understand the application then there will be a human somewhere who could break the program apart.

Your approach here is wrong. You should build all logic, all functionality in the server where no one has access, then you use the client applications to simply handle the UX portion. The only safe way to protect your code is not let them have it. And design API's which can't be abused (Don't let the client roll the dice for example)