Jump to content

Persistent browser-based game

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Nerdmaster (talk | contribs) at 02:09, 31 July 2007 (Lots more detail of PBBGs, added some well-known PBBGs to the list, removed bbgamezone link as it isn't specifically relevant to PBBGs (maybe link that on the browser game page)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Definition

"Definition: A PBBG is a computer game that satisfies the following two criteria:

  1. It is browser-based. The game is played over the Internet using only a web browser.
  2. It is persistent. Progress in the game is achieved over multiple playing sessions.

PBBGs merge the depth and longevity of an application-based game with the accessibility and portability of a browser-based game. PBBG is sometimes spoken as pee-bee for brevity."

As defined by www.pbbg.org

About PBBGs

Persistent browser-based games are a specific kind of browser game. They usually rely on some kind of server-side code, such as perl scripts, PHP, Ruby, Python, or Java, though some will use technologies like Flash, ActiveX, and Java applets to store data on the client's computer. These tend to be rare due to the security aspects that must be dealt with when reading and writing from a user's local file system - the web browser doesn't want web pages to be able to destroy the user's computer, and the game designer doesn't want the game files stored in an easily-accessed place where the user can edit them.

For the more common games of this kind, the server-side code will store persistent information about players and possibly the game world in some kind of database, be it a flat text file, relational database, or game objects serialized from the server-side language to a binary file.

Security

Like any web application, a persistent browser game needs to be secured from hacking attempts. This includes well-known attacks like XSS attacks, SQL Injection, and the more amateur attacks such as changing data in a web form or a game page's URL. Obviously these attacks' threat level is subject to change depending on the technology in use: A Java applet that never renders HTML is immune to XSS; a Flash application that uses SOAP calls instead of the HTTP protocol will need different techniques to prevent changes to parameters; backend data stored in a comma-delimited text file is wholly immune to SQL Injection, but very susceptible to a user storing a comma or newline in their data. In these circumstances, the "typical" security models for web applications is obviously not advised.

Unlike a typical web application, a persistent browser game exposes certain seemingly-safe vulnerabilities that can allow cheaters a great deal of freedom. In all web applications, extreme caution must be taken to protect one user from modifying, deleting, or even viewing another user's data. To a long-time web developer who is just moving into game development, however, it's not as obvious that a player's own data must be protected from himself.

If a user of a financial web application hacks his own data, he will almost certainly get what he deserves when his accounting breaks. It is of course best to validate the data all the same, but some developers will let certain potential hacks exist because the only people who will be hurt by them are the hackers.

If a game has similar vulnerabilities, however, it becomes a different situation. If the user manages to put in a negative number in her accounting application, her data gets weird. If she manages to put a negative number into the "purchase price" field of a game, she's effectively managed to cheat, which will affect other users even though their data isn't directly altered. The cheater is able to excel against other players if the game has any player- versus-player aspects. The cheater can also corrupt the game's economy by introducing huge amounts of money, causing an inflation effect, or cheat to duplicate a rare virtual object, causing its value to be destroyed for others who worked hard to get it.

Additionally, computer games attract cheaters with more motivation than a normal web application (other than applications that allow access to bank accounts and other sensitive data). A computer game is unlike a basic web application in that there is usually some form of competition, particularly in games that focus on player vs. player interaction. Because of this competition, there is a lot more incentive to cheat than to hack a web application. In both scenarios, the hacker may get the satisfaction of causing damage to others' data, gathering information he shouldn't, etc. But in the game, the hacker is additionally able to better achieve victory.

List of well-known PBBGs

Retrieved from "https://en.wikipedia.org/w/index.php?title=Persistent_browser-based_game&oldid=148180490"