Moving too quickly

Discussion in 'Bukkit Discussion' started by superjag, Jun 3, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    superjag

    I'm not really sure where to post this (I don't know much about Bukkit dev), so please move my thread to the appropriate section if I posted in the wrong one. Edit: Yup, it belongs in Bukkit Project and Community Feedback.


    So, I hear that moving too quickly can allow hackers to cause MAJOR griefing and/or server crashes (for obvious reasons), and maybe even a fabled array overflow somewhere to allow them to take control of your server. The problem is, of course, that blocking fast movement prevents player cannons from working.

    Here's the solution: In the moving too quickly check, you're comparing the player's current speed to a stationary speed of zero. That's not what prevents griefing/crashing. To prevent the moving-too-quickly hack, you just need to compare the player's current velocity (including direction) to the last velocity that the server set for them. For example, suppose the player's velocity was set to 100 straight up in the air 2 seconds ago (e.g. by a cannon plugin), then the player's current velocity should be slightly less than that (accounting for air resistance and gravity) in the same direction. If the player deviates too far from their course, the server can just put them back on their correct velocity and no one will notice a thing.

    If the player reduces speed at any time (e.g. hits the ground at the end of their journey), just lower the magnitude component of the server-side reference velocity to the lower speed.

    Lastly we have plain, unassisted falling, which is the trickiest bit to get right. In this case you would have to detect that the player is in fact falling in the downward direction (not just using a fly hack), and slowly increase their server-side reference velocity to match (with a downward direction component, remember!)

    So, can I get a developer's opinion on this, or can someone point out something I missed in my maths?

    P.S. Don't say "player cannons load too many chunks," because that's not the security problem; it's up to the server owner how much server resources they want hogged by their cannons.
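
The check proposed in the post above, sketched as an added example in plain Java (it is not part of the thread and not Bukkit's code, and uses no Bukkit API). The class name, the per-tick gravity and drag constants, the tolerance and the sample client reports are all assumptions constructed for illustration.

```java
import java.util.Arrays;

// Added illustration, not Bukkit code. Constants are assumed per-tick values.
public class ReferenceVelocityCheck {
    static final double GRAVITY = 0.08, DRAG = 0.98, TOLERANCE = 0.15;

    private double[] ref = {0, 0, 0}; // last velocity the server set or accepted

    // Called when the server itself launches the player (e.g. a cannon plugin).
    void serverSetVelocity(double x, double y, double z) { ref = new double[] {x, y, z}; }

    // One tick of gravity and air resistance; this is also what lets a plain fall speed up.
    static double[] predict(double[] v) {
        return new double[] {v[0] * DRAG, (v[1] - GRAVITY) * DRAG, v[2] * DRAG};
    }

    static double len(double[] v) { return Math.sqrt(v[0] * v[0] + v[1] * v[1] + v[2] * v[2]); }

    // Returns false only when the player had to be put back on the predicted course.
    boolean validate(double[] reported) {
        double[] expected = predict(ref);
        double[] diff = {reported[0] - expected[0], reported[1] - expected[1], reported[2] - expected[2]};
        if (len(diff) <= TOLERANCE) {            // on course: follow the client
            ref = reported.clone();
            return true;
        }
        if (len(reported) < len(expected)) {     // slowed down: lower the magnitude, keep the direction
            double k = len(reported) / len(expected);
            ref = new double[] {expected[0] * k, expected[1] * k, expected[2] * k};
            return true;
        }
        ref = expected;                          // faster or off course: snap back to the prediction
        return false;
    }

    public static void main(String[] args) {
        ReferenceVelocityCheck check = new ReferenceVelocityCheck();
        check.serverSetVelocity(0, 3.0, 0);      // constructed launch, straight up
        double[][] reports = {                   // constructed client reports, one per tick
            {0, 2.8616, 0},   // matches the prediction
            {2.0, 2.7, 0},    // sudden sideways speed the server never set
            {0, 0, 0},        // hit something and stopped
            {0, -0.0784, 0},  // starts falling under gravity
        };
        for (double[] r : reports) {
            boolean kept = check.validate(r);
            System.out.println((kept ? "kept     " : "corrected") + " ref=" + Arrays.toString(check.ref));
        }
    }
}
```

The sketch covers only airborne movement without player input; walking, sprinting and collisions would need their own terms in `predict`.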
     
  2. Offline

    Surfdudeboy

    Your method of checking for unnatural movement seems pretty intelligent. The only issue is that I've looked into overriding the server's "moved too fast check" and could never find a way to.
     
  3. Offline

    superjag

    Yes, I've been scouring the internet looking for one myself. The Bukkit team has been (very) actively suppressing how to do it and patching all the methods people come up with to improve security. :/

    I've figured out where the check happens in the code and deleted it, but I haven't been able to get Bukkit to compile. Maybe I should try again... (not today as I have tons of other stuff to do)
     
  4. Offline

    ZanderMan9

    Definitely keep working on this, it sounds great. Just make sure you check, check, and recheck the mathematical aspects a thousand times, because something like this is very delicate and the slightest mistake can be fatal.
     