在客户端/服务器握手中验证客户端二进制文件 [英] Validating client binaries in client/server handshake

问题描述

我正在建立一个连接到服务器的客户端程序。这个客户端程序需要将源代码作为许可的一部分提供给用户（不是选项）。但是，我需要确保当用户使用该客户端程序连接到服务器时，它将使用原始代码运行，并且没有被更改和重新编译。

I am building a client-side program that connects to a server. This client-side program needs to have the source code available to the users as part of the licencing (not an option). However, I need to ensure that when a user connects to the server with that client-side program, it's running with the original code and hasn't been altered and re-compiled.

在连接服务器期间，是否有任何方法检查他们是否使用未更改版本的程序？

Is there any way to check during connection to the server that they're using an unaltered version of the program?

推荐答案

你所描述的是视频游戏行业在过去十五年来一直在争取的一个问题。总之，如何防止用户修改客户端（在他们的情况下，一般是为了防止作弊，虽然也是出于版权原因）。如果这种努力教会了我们什么，这是防止修改客户是一个不断的军备竞赛，你永远不会果断赢。鉴于此，甚至不要尝试。

What you have described is a issue that the video game industry has been fighting for the last decade and a half. In short, how to prevent the user from modifying the client (in their case, generally to prevent cheating, though also for copyright reasons). If that effort has taught us anything, it's that preventing modifications to the client is a constant arms race that you will never decisively win. In light of that, don't even try.

按照标准的客户端 - 服务器假设，客户端在敌人的手中，不能被信任。基于这个假设，建立你的服务器端防御，你会没事的。

Follow the standard client-server assumption that the client is in the hands of the enemy and cannot be trusted. Build your server side defensively based on that assumption and you'll be alright.

这篇关于在客户端/服务器握手中验证客户端二进制文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！