Launcher - verification before update
-
The verification that happens before every update (however small that update is) is too long and heavy load on disk. Question / suggestion:
Whatever the output / result of the verification process is, why can't it be saved to some log / db after previous update, and has to read all the data again and again ... ?
Basically switch from:
- Verificiation (long heavy disk usage).
- Update (usually quick / short compared to 1.).
To:
- Read previous update info (log / db / ...), should be much shorter than physically read of all game data / files.
- Update.
- Save new / changed info (to log / db / ...).
The option to run the physical verification can still be there, in case something was corrupted. That is what many clients have as repair option. But most of the time this is not needed.
-
@Kerdon in your example you assume the user to not tamper with the files, you should always assume malicious intent when writing code that is ment to let users connect to your server.
converting the files into some kind of hash, for example Sha-512, and comparing hashes before and after update with server side calculated expectet hash could be a solution, depending on the processing power of each user. but since this is some kinde of CMaNGOS wotlk emulation, chances are a lot of people, like my self, are gaming on a potato. converting stuff to Sha-512 on older machines can take ages.
also hashes are no proof that files are not tampered with and can be forged...
-
@x3cutiex3 I don't know much about dealing with tampering of files. But when starting game with no new update, the game is not running the same verification process. So I don't see how the verification process checking the files before update stops the same malicious users from tampering the files again after update.
Anyway, my main point and assumption was, that the launcher updates could work better for most of us, who just play the game (with files only updated with the launcher). And keep the current way maybe for manual "repair" if something was corrupted (e.g. interrupted update, manual file deletion, ...) .
-
@Kerdon i get these integrity checks at least once a day, even w/o available update. converting only certain files, not disclosed to the user which they are, to hash and comparing the output against the expected result could reduce the time required to check by a lot while maintaining a certain amount of sanity checking.
you are correct, it is never possible to 100% state that the client is not a malicious actor. which is why certain, maybe most AAA, online games have privilege to constantly scan all running processes of your machine.
maybe i am wrong about my assumption that the full scan every time you update is about anticheat, but rather for stability reasons. in which case i would fully support your suggestion to drop the default full scans and just assume file integrity, for benefit of a faster completion of the update process.
-
I've noticed that some recent updates were not scanning full files (and for as long as previously) anymore. Not sure if there was info / patch notes mentioning it, or if this will be universaly the case going forward. But it definitely was much better / faster, on my pc at least.
If you are unable to sign in, please set your Display Name.