Designing a Real Guild Bank...


57 replies to this topic

#41 Trashe

Trashe

    Glass Joe

  • Members
  • 22 posts

Posted 03 December 2006 - 11:42 PM

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

I don't see how a keypad for a pin code would be any less exploitable than a password. Assuming the keypad would also be coded in the same XML/scripting interface, someone could just open up the code to the keypad and write a bot that spams it with all 8999 (?) number combinations.

#42 Galatea

Galatea

    Code-spec'd Paladin

  • Members
  • 887 posts

Posted 03 December 2006 - 11:58 PM

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

I don't see how a keypad for a pin code would be any less exploitable than a password. Assuming the keypad would also be coded in the same XML/scripting interface, someone could just open up the code to the keypad and write a bot that spams it with all 8999 (?) number combinations.

You handle that the exact same way you deal with it on any server password interaction. You limit the speed of entry. The first time is instant, then the next few are rate limited to one try a second, then it slows down to one try a minute, or locks out the person from the guild bank entirely. It is all done on the server side, so the fact it might be scriptable is not a big deal.

My big issue is with click logging. If you can key log, you can also log the position of the window, and the clicks, and calculate the window relative clicks. Since WoW internal windows are not real OS windows they could solve that by putting it at a random location, and ordering the buttons in a random order.
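The escalating server-side throttle described in the post above, sketched as an added example that is not part of the original thread. The thresholds, the `BankPinThrottle` name, the in-memory dictionaries and the integer millisecond clock are all assumptions made for illustration.

```python
import hmac

# Assumed thresholds: the post only says "the next few" and "or locks out".
FAST_TRIES = 4          # failures 1-4 are each followed by a 1 s wait
FAST_WAIT_MS = 1_000
SLOW_WAIT_MS = 60_000   # later failures are each followed by a 60 s wait
LOCKOUT_AT = 9          # the 9th consecutive failure locks the member out


class BankPinThrottle:
    """Server-side state; the scriptable client UI never touches these counters."""

    def __init__(self, pin):
        self._pin = pin.encode()
        self._failures = {}      # member -> consecutive wrong guesses
        self._next_allowed = {}  # member -> earliest time (ms) a guess is evaluated

    def attempt(self, member, guess, now_ms):
        failures = self._failures.get(member, 0)
        if failures >= LOCKOUT_AT:
            return "locked"      # stays locked even for the right PIN
        if now_ms < self._next_allowed.get(member, 0):
            return "throttled"   # discarded without comparing, so it leaks nothing
        if hmac.compare_digest(guess.encode(), self._pin):
            self._failures.pop(member, None)
            self._next_allowed.pop(member, None)
            return "ok"
        failures += 1
        self._failures[member] = failures
        wait = FAST_WAIT_MS if failures <= FAST_TRIES else SLOW_WAIT_MS
        self._next_allowed[member] = now_ms + wait
        return "locked" if failures >= LOCKOUT_AT else "wrong"


def simulate_spam(throttle, member, guesses, interval_ms=10):
    """Replay a script that submits one guess every interval_ms milliseconds."""
    now_ms, outcomes = 0, {}
    for guess in guesses:
        result = throttle.attempt(member, guess, now_ms)
        outcomes[result] = outcomes.get(result, 0) + 1
        now_ms += interval_ms
    return outcomes


if __name__ == "__main__":
    # Constructed input: every 4-digit code in order, against a PIN tried last.
    all_codes = [f"{n:04d}" for n in range(10_000)]
    print(simulate_spam(BankPinThrottle("9999"), "bot", all_codes))
```

With these assumed thresholds, a script submitting all 10,000 codes at 100 guesses per second gets only six of them evaluated; the rest are discarded as throttled.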

#43 Eugorym

Eugorym

    Glass Joe

  • Members
  • 18 posts

Posted 04 December 2006 - 12:52 AM

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

I don't see how a keypad for a pin code would be any less exploitable than a password. Assuming the keypad would also be coded in the same XML/scripting interface, someone could just open up the code to the keypad and write a bot that spams it with all 8999 (?) number combinations.

That would take significant time to go through all permutations and hopefully after 4 or 5 wrong guesses it would lock out for a while.

#44 CrazyGamer

CrazyGamer

    Von Kaiser

  • Members
  • 74 posts

Posted 04 December 2006 - 01:27 AM

A few other things I would like to see:

Separate areas of access:
It would be nice to designate consumable access for some and armor scrap access for others. Not a big deal in any of our guilds I guess but could help with the trust issues in a recent guild and reduce the potential customer service work Blizzard would have to do by not having to give someone access to all the gold and raid materials if you want him to distribute potions before a raid.
Even better if you could assign lists for each area and items on those lists would go to their respective areas if there would be room (and otherwise to the misc. area if there would be room there).

Ignoring "unique":
This tag should have no feature on a guild bank.

Increased stacks:
It makes sense to restrict the amount of potions a player can carry. For banks though, wouldn't it be better for Blizzard to let them stack hundreds in individual slots than spread them in 40 separate slots?

Crafting:
It would be a major reduction of timesinks in guild management if crafters could use materials in the guild bank to craft items which would then appear in the guild bank. Ideally the crafting time would be removed or greatly reduced so you could swiftly convert extreme volumes of materials into the proper potions.
http://www.defendersofvalor.net
"Never trust anything that a man will not set his reputation and name upon." - Medivh

#45 Polleke

Polleke

    Foobar

  • Members
  • 257 posts

Posted 04 December 2006 - 01:29 AM

Intercepting mouse clicks is just as easy as intercepting keyboard input. Even when you locate the keypad at different positions, you can figure out the memory patterns pretty quick. Random position of the digits on your keypad would make it hard, but not impossible.

Only hardware solutions are feasible because then you can control the data at a level outside of the uncontrollable OS. The OS will only see one-way encrypted data.


Back to the guild bank. If Blizzard would just implement a guild storage place, with withdraw and placement access managed at server level, throw in a bunch of lua functions, and within weeks complete management addons will be made. Complete with logs, requests, automated handling of certain items, you name it.

The idiot who ebays the guildbank problem remains of course. And I'm curious to how Blizzard will handle it. Completely ignoring it and saying that it is the responsibility of the person donating to the guild bank I think is doubtful. I think they will just accept the extra GM load.
* Bla

#46 Praetorian

Praetorian

    Mike Tyson

  • ♦ Administrators
  • 27,760 posts

Posted 04 December 2006 - 01:48 AM

The EBay issue would be no worse than the current scenario. If a leader is paranoid about it, then he can give no one else withdrawal access. As things stand now, plenty of guild banks have a password known by multiple officers -- surely anything that discourages account-sharing is a positive change, particularly from Blizzard's perspective. And as noted, by adding a separate secure in-game bank password, you could ensure that the assets are safe against keylogging, unlike the status quo where a keylogged guild bank is everyone's worst nightmare.

#47 Korhallen

Korhallen

    Von Kaiser

  • Members
  • 46 posts

Posted 04 December 2006 - 01:58 AM

Everquest 2 has pretty much the ideal guildbank system.

You can set permissions, ranks in the guild that can use, make certain banks view only, no view, donate only, etc. Guildmembers can deposit directly to the bank at any bank, has a bank log of who's added/taken what, etc.

#48 Lank

Lank

    Von Kaiser

  • Members
  • 64 posts

Posted 04 December 2006 - 02:55 AM

To solve the problem of people opening their own personal bank, the guild bank could scale somehow with number of member accounts.

#49 Shik

Shik

    Piston Honda

  • Members
  • 191 posts

Posted 04 December 2006 - 03:51 AM

To solve the problem of people opening their own personal bank, the guild bank could scale somehow with number of member accounts.

How is 1 person forming a guild solely so they can have extra space an issue?

#50 Praetorian

Praetorian

    Mike Tyson

  • ♦ Administrators
  • 27,760 posts

Posted 04 December 2006 - 04:15 AM

To solve the problem of people opening their own personal bank, the guild bank could scale somehow with number of member accounts.

How is 1 person forming a guild solely so they can have extra space an issue?

It's not something you want from a design perspective, or they'd just give all players hundreds of bank slots. You don't want storage to become a nonissue, and for database reasons you may not want every random mule alt to have his own one-man guild.

Just make the guild bank start off at zero slots and have increasing costs (starting at 100g, going up to 1k or 2k maybe) for each set of slots (whether they're actual bags or something else).

#51 marketa

marketa

    Von Kaiser

  • Members
  • 51 posts

Posted 04 December 2006 - 04:23 AM

The mailbox gives everyone hundreds of bank slots already, it's just a pain in the ass to manage. The mailbox has what equates to a bi-monthly fee for each item stored. If they just extended the cost to a bank system it would be bliss.

#52 CrazyGamer

CrazyGamer

    Von Kaiser

  • Members
  • 74 posts

Posted 04 December 2006 - 04:39 AM

On another note, I'm kinda surprised to hear so many stories of GMs not caring at all.

Some time back on our server, a guild website was hacked, an officer account was used to PM another officer for the guild bank password. The hacker was successful and ripped the guild bank of a minor raid guild (still like 10k's worth). It was obvious that they had been sharing the account but the GM team was extremely cooperative and went into a frenzy to restore the items and ban the guilty people.

Within 24 hours, they had restored about 90% (some had been sold so I'm considering it "restored" when they were given the low sell value instead) and had banned the hacker, a friend of his who helped him, his girlfriend who helped him, one of our officers who knew the people and was letting the hacker's girlfriend play from his credit card, and another member who was playing from his apartment at the time (same IP). Both of our members had been playing for 9 months with a perfect record when their accounts were suddenly banned without warning and without ever getting a more specific reason than "compromising an account". Despite having the victims supporting us, they were being entirely ignored and couldn't even get clarification for the ban. That incident had me busy for the better part of 3 months before we gave up, so I'm curious when they would have changed their policy so dramatically.

Was there a change at any particular point in time? This happened around November 2005.
Do the EU servers have a different policy than the US servers?
http://www.defendersofvalor.net
"Never trust anything that a man will not set his reputation and name upon." - Medivh

#53 Tenskatawa

Tenskatawa

    Von Kaiser

  • Members
  • 38 posts

Posted 04 December 2006 - 05:43 AM

When our guild bank got stolen, the GMs disabled our GM's account for account-sharing. We got no help, no items, nothing. Raiding pretty much died around that time and never got going again because we lost vital mats to replace the gear we lost with server transfers. I'm convinced Blizzard just doesn't care.
"When speaking of the MMOG industry, the glass may be half full, but it's full of urine." -HaemishM

#54 Praetorian

Praetorian

    Mike Tyson

  • ♦ Administrators
  • 27,760 posts

Posted 04 December 2006 - 06:52 AM

When our guild bank got stolen, the GMs disabled our GM's account for account-sharing. We got no help, no items, nothing. Raiding pretty much died around that time and never got going again because we lost vital mats to replace the gear we lost with server transfers. I'm convinced Blizzard just doesn't care.

Eh, that's why I don't let anyone log on my account. Was the bank stolen by someone who keylogged the account, or was it just theft by someone who had access? Even if theoretically the former, it could be the latter masquerading.

Let's say I'm a greedy asshole, or let's say I harbor a grudge against my guild or guild leader, and I have access to the bank's account info. I go to a PC cafe or some other nontraceable IP that I have no direct connection to, log on, change his password, liquidate the assets, and then find a quick buyer for them (say, IGE). As far as the guild leader knows, he got "keylogged" and farmers stole his stuff. But did he really? Can it be proven? Can Blizzard prove it? Not really. And they're not going to do a restore of assets for someone who could be making it up, and the fact that account-sharing is against their EULA gives them an easy out.

#55 zork

zork

    Don Flamenco

  • Members
  • 477 posts

Posted 04 December 2006 - 10:00 AM

There is no need for account sharing, just tell one guy to be the bank. Just like monopoly.
If nobody is at home the bank is closed, like in real life. It's ok.
| Simple is beautiful.
| Blog | Roth UI | Roth UI FAQ | GoogleCode | Zork | Guild | zorker.de

"I wonder what the non-pathetic people are doing tonight?" - Rajesh Koothrappali (The Big Bang Theory)


#56 Tel

Tel

    Don Flamenco

  • Members
  • 395 posts

Posted 04 December 2006 - 01:09 PM

There is no need for account sharing, just tell one guy to be the bank. Just like monopoly.
If nobody is at home the bank is closed, like in real life. It's ok.

Except unlike in monopoly there are times in game when you need to suddenly get hold of 20 frozen runes to craft FrR gear for your new trialist at saph, or 8 more flasks, for the warriors at 4HM. And unlike in monopoly, this time you have 39 other people waiting for you.

Our guild runs with about 3 guild banks, all of whom control various resources and ALL have a stockpile of raid consumables (in theory) so that if one is unavailable, it's easy enough for the others to stand in.

#57 Zagzil

Zagzil

    Don Flamenco

  • Members
  • 445 posts

Posted 04 December 2006 - 04:07 PM

I didn't see this linked, so:

http://beta.worldofw...geNo=4&sid=1#74

Maybe you should've read the thread then, because it's only 1 page back on a 3 page thread.

#58 Ribeye

Ribeye

    Von Kaiser

  • Members
  • 94 posts

Posted 04 December 2006 - 04:32 PM

So much of the discussion about guild banks comes down to players' concerns over security, but it is quite clear that under the current system, there is no security, and people are taken advantage of all the time. I would then argue that the point of security is moot altogether. A guild banking feature should be created for no other reason than it is a needed design feature in a game that thrives on guild creation and sustainability. Will it be taken advantage of? Sure. But every feature in this game can and will be exploited and that doesn't necessarily take away from their necessity within the game. A guild bank is no stranger an evolution from player-run guild banks than the auction house is to sitting in a zone and shouting over a trade channel.



