trading card game security

Hi,

So I’m creating a trading card game (much like Magic: The Gathering, with different gameplay mechanics).

To test I usually create cards on the fly, but now it’s time to create a database.
So I first thought of simply setting up a xml file which contains all cards and an object file of players with their decks and cards.

Problem though, it’s not quite secure to save it locally.
So I was thinking of creating a server which keeps tracks of all cards and players.

The server would later be used to create rooms where players could battle each other.

But I’m not sure where to start.
So I have a few questions on this matter:
Is xml advised? Let’s say I have around 250 cards. An example of xml would be:

<?xml version="1.0" encoding="UTF-8"?>
<creatures>
<creature name="Skeleton">
  <description>This is a skeleton</description>
  <damage>3</damage>
  <health>2</health>
  <cost>2</cost>
  <type>ground</type>
  <effects>
   <effect name="Lightning">
    <target>opponent</target>
    <skipturn>false</skipturn>
    <damage>2</damage>
    <cost>2</cost>
   <effect>
  </effects>
</creature>
<creature name="Slime">
  <description>This is a slime</description>
  <damage>1</damage>
  <health>1</health>
  <cost>1</cost>
  <type>ground</type>
</creature>
<creature name="Pinguin">
  <description>This is a pinguin</description>
  <damage>0</damage>
  <health>3</health>
  <cost>1</cost>
  <type>flying</type>
  <effects>
   <effect name="Heal">
    <target>self</target>
    <skipturn>false</skipturn>
    <damage>-2</damage>
    <cost>1</cost>
   <effect>
   <effect name="Push">
    <target>target</target>
    <skipturn>true</skipturn>
    <damage>0</damage>
    <cost>1</cost>
   <effect>
  </effects>
</creature>
</creatures>

How would cards be imported in game (from the server)? Is it a one time retrieval (copy to new card object)?
Or what’s your view on this?

How would you save up players and their info? For example cards? Would you keep track of only the id’s of cards?

Maybe any more suggestions on what I should pay attention for?

Regards
Goowik

If the game is online-only:

• Player connects to the server
• Server sends Player’s account’s cards (use anything you want, others may help you more on this)
• Player plays
• Player buys/wins a new card
• Server updates Player’s card
• Server sends Player’s account’s cards
• Player sees his new cards

The player never sends “card list info” to the server. So no hack’s allowed there.

If the game is offline-only:

• If the player wan’t to cheat, he will cheat one way or another, make it fun care about other stuffs and get it done.

If the game is online-offline:

• Use a mix of both

Hope it helps

Thanks, will check into it.

I’ll probably make it online only. Now I just need to check out how server scripting works

Anything special I need to take into account?

Make sure to notify me or make a showcase thread so that I can play it when it comes out.

Cheers

Hehe I will

@_Al3x: Btw, if I use an online version only, should I check each second whether the user is connected to the server or not?
The only thing that comes through my mind is a separated thread that checks the connection. But isn’t that abundant (not sure if using the right word here)?

Or what other solution is there?

Redundant might be the word you are after.

Cheers

You don’t need real-time checks like RTS or FPS, but we’ll need others with more expertise on the subject to come and help you out.

There’s old and easy to grasp way of creating a new Thread for every player or you can read about java.nio (java new IO) which came in java 1.4 and learn about the idea of “Channels”. Java NIO makes extensive use of low level hardware/OS specific networking thingies and to really get an intuition on how it works you’d probably want to read about it.

Read this thread for more info and it also has an example on a simple server in java.nio as well as links to learn about java.nio: http://www.javaprogrammingforums.com/whats-wrong-my-code/8366-java-tcp-multiple-clients.html#post63245

Unless you absolutely must know the client is connected every 1 second… but then again a socket should automatically send a disconnection message when he disconnected.

So basically, no you don’t. What you could do, is if the client has been idle (not sent you any messages) for about 3 minutes you could send a PINGPONG check to see if he’s still there.

Im terribly sorry for this late response. I totally forgot to enable notification when a reply has been sent.

So the idle part can be fixed by a simple turn timer (of about 30 seconds).
Problem however is I’m still new to netwroking and all example I seem to find are just text thats being sent.

So should I read out my xml files and send the content? One issue i can think of is that the total amount can exceed a few Mb’s.
I suppose this should be done using some loading ‘pattern’ using different threads.

Sigh, the longer I think about this project the more difficult it gets.

If the rules even begin to approach the complexity of M:tG, the networking is the really easy bit.

BTW your XML snippet looks a bit denormalised. How many of an effect’s parameters will vary between uses? Some effects might have variable target constraints; some might have variable costs; and some might have other parameters (e.g. damage, secondary cost, number of cards returned to hand), but you only really need to configure the variable parameters on a per-card basis.

Well that was also an issue I came across.

But before continuing I shall start to figure out how the rules will be.
I will try and create a different set of rules, where positioning will be important and skills will be at a minimum.

For example heal, block, damage, multi target (no variable damage or whatsoever).