Data-Security questions

Questions & Answers
1

Hi there,
i am developing a multiplayer game, where the players will have an inventory.
For prevent cheaing, like changing the amount of items in the inventory or changing the level or exp, i need to store the data secure.
I was thinking about creating a json or xml file on the server and let the game read the file when the player starts the game, afterwards store the data inside of an object and upload the data to the server when the game will be closed.
There is a problem about that, because of the big memory-usage. I guess in such an object should be stored some integer and string values, but the bigger the amount of items in the inventory will become, the bigger the object will be.
So first question is: How could i know how much data i can store in the inventory and not to worry about the memory usage?
To reduce the memory usage i could do something like store the data on the server again and let the game download the file, which will be encrypted, save the file on the players computer and only read this file if needed.
I found an encryption manual around the internet: http://support.microsoft.com/kb/307010/en
But i have also red about that code can be reverse engeneered pritty easy.
So the second question is: Is that stuff, Microsoft is writing about data encryption, really save?

ps. It will be a Windows standalone game.

Greetings, Michael

2

Don’t have too much expierience with this, but I somehow feel like that’s a bad approach. Whatever you do, if you get the info from the player / client, they will find a way of tinkering with it, mostly if it’s an actual file on the players PC.

Now if you’d generate the file inMemory w/o even actually saving it to the PC and just send the info the server, that would probably make it a bit harder , but still… players might analyse what you send via WireShark or some other means and try to do it manually.

Usually when it comes to stuff like this you’d want to perform some sanity checks on the server to make sure that the data received is legit.

Also, why not just use a database on the server ? What prevents you from doing that? A bunch of simple sql queries to check the inventory of a player, should be more than enough, don’t you think ?

I’m just curious why you would go for the jSon approach and not a DB… :confused: