Designing a Real Guild Bank... - Page 2

Eej · 09/23/06, 1:52 PM

Originally Posted by james

Originally Posted by Eej

See, I found a clever method around your overly controlling scheme!

Or Blizzard could define a policy about such behaviour.

Wait, you want it such that you're not allowed to boot bad people from your guild? Why should Blizzard (or anyone for that matter) interfere with a guild officer's right to boot people who they believe don't make the cut?

Dakous · 09/23/06, 2:25 PM

Relatively easy and imo fairly necessary feature (especially from a "Please, save the CSRs!" perspective -

Auditing transactions.

Malan · 09/23/06, 2:57 PM

Originally Posted by Daboran

Originally Posted by Malan

Heck, make it a real time transfer - if an officer is on that has sufficient rights to authorize withdrawls, he gets a pop up approval window allowing him to allow, or deny with a short comment explaining why. If allowed the item is immediately given to the player in question.

They wouldnt do this, it would break the limitation on potions/buffs. Theres a reason pots only stack in 5's.

I have no idea how what I said relates in any way, shape or form to potions/buffs stacking.

Whitemane · 09/23/06, 6:09 PM

Originally Posted by Hexel

Actually I'm pretty sure this is something Blizzard indeed has thought of, and thought better of.

Now, I'm going to set myself in the role as a game designer who's just been given the task to evaluate the feasibility of implementing a fully functional guild bank / vault system in a game like this.

Obviously your first thought is "it's a great idea, encourages guilds to cooperate, no reason not to implement it!". But as you keep pondering a few points start making themselves apparent. First and foremost, of course, in huge online games like this - everything that can be exploited in any way will be, of that you can rest assured. Since a guild bank system is no different from a real bank in the fact that someone else is effectively handling and keepsaking your resources, the system has to be foolproof.

Now, the first step towards foolproofness would of course be to handle a lot of it, if not all, serverside. This is going to add to total server load. Even so, what could you come up with that makes sure a corrupted guild leader / officer does not just empty a guild bank and take off with 25k gold? Do you make all the movements dependant on more than one person acknowledging? It's still only people, basically this might lower the possibility but it's still going to happen. Are you ready to handle the extra log requirements as a result of this, and the extra load on game support to restore stolen items?

Basically I can see why you wouldn't implement such a system just based on the possible exploitations it brings with it. Of course, this is bad news for those of us who are actually thrustworthy and would benefit from the simplicity of having a built-in system to help in our daily guild-resources-handling routines, but still the possibility to set up a working bank / vault system is in the game as it is.

So as a game designer I would say; do not make an explicit system for this, instead make sure it's feasible that players who wish to create one can do so.

All the things you have just mentioned there Blizzard has already covered by saying that they basically don't give a shit if it happens to you.

Copernicus · 09/25/06, 3:19 AM

If any guild bank features ever get implemented, I'd love to have a "Guild Repair Bot" that uses the guild's gold to repair. Would have to require a minimum guild rank to use etc to prevent abuse etc.

Ghiest · 09/25/06, 6:15 AM

I would settle for just some decent guild tools let alone a guild banking system. Games 5+ years older than WoW have a better guild structure system, it's one of the only things that let down Warcraft imo.

But I'd prefer not hte password method rather than just a guild rank entitlement.

Grillkohle · 09/25/06, 7:35 AM

Originally Posted by Copernicus

If any guild bank features ever get implemented, I'd love to have a "Guild Repair Bot" that uses the guild's gold to repair. Would have to require a minimum guild rank to use etc to prevent abuse etc.

And while they're at it, they could tag the repair bots as Ironforge/Orgrimmar faction, for honored discount... *keeps dreaming*

Kalman · 09/25/06, 8:54 AM

Originally Posted by Daboran

Originally Posted by Malan

Heck, make it a real time transfer - if an officer is on that has sufficient rights to authorize withdrawls, he gets a pop up approval window allowing him to allow, or deny with a short comment explaining why. If allowed the item is immediately given to the player in question.

They wouldnt do this, it would break the limitation on potions/buffs. Theres a reason pots only stack in 5's.

The remote mail terminal being implemented in TBC is already breaking this limitation.

Liar · 12/03/06, 4:57 PM

/Rebirth

Originally Posted by Enoyls

We already have a design for guild banks and were going to get it into the Burning Crusade, but it is now scheduled to be added in a future content patch after the expansion ships.

Source: http://beta.worldofwarcraft.com/thre...eNo=4&sid=1#74

It's not much, but atleast they are aware of the problem.

PS: That is the first Bliz employee that I am aware of that signs his posts :P

Goreshot · 12/03/06, 5:42 PM

As it stands now, the <> tag is nothing more than a glorified chat room. This keeps things simple for Blizzard (low overhead), but in the long run, I think it hurts them more than it helps them (since guilds work around their lack of resources by manipulating and abusing current in-game resources like mailboxes). I agree with the sentiment that if they are going to implement something (all signs point to no), it'll be something extremely simple that no one will be happy with.

Originally Posted by Praetorian

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

This won't happen because Blizzard is too damn lazy to implement such a scheme just to log into the game, which would destroy all current keyloggers and potentially shut them down for good.

Tangles · 12/03/06, 5:44 PM

Originally Posted by Goreshot

As it stands now, the <> tag is nothing more than a glorified chat room. This keeps things simple for Blizzard (low overhead), but in the long run, I think it hurts them more than it helps them (since guilds work around their lack of resources by manipulating and abusing current in-game resources like mailboxes). I agree with the sentiment that if they are going to implement something (all signs point to no), it'll be something extremely simple that no one will be happy with.

Originally Posted by Praetorian

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

This won't happen because Blizzard is too damn lazy to implement such a scheme just to log into the game, which would destroy all current keyloggers and potentially shut them down for good.

Whats really runny is that there is a free korean 2d mmorg called Maple Story and it has the virtual keypad where you have to enter a 4 digit pin # in addition to your regular password to long on. Good stuff.

• malthrin · 12/03/06, 5:46 PM

Which signs are pointing to no? Please don't post if all you have to contribute is speculation.

ooj · 12/03/06, 6:00 PM

Originally Posted by Grillkohle

Originally Posted by Copernicus

If any guild bank features ever get implemented, I'd love to have a "Guild Repair Bot" that uses the guild's gold to repair. Would have to require a minimum guild rank to use etc to prevent abuse etc.

And while they're at it, they could tag the repair bots as Ironforge/Orgrimmar faction, for honored discount... *keeps dreaming*

And while they're at it, they could let you send all boss gold straight too this bank to fund this "Guild Repair Bot" who has faction discount! It could also sell regeants which would be limited by player so it cant be abused! maybe the next expansion.

marketa · 12/03/06, 6:03 PM

Otherwise you could simple make your own guild, get some level 1's to sign your charter, and hey presto, you have a massive amount more bank space than was intended for the average player.

Who cares. If the average player wants more bank space they can make a fake guild. Does more complexity hurt anyone? Does a fake guild hurt anyone? The current system is retarded.

Eej · 12/03/06, 6:06 PM

Originally Posted by marketa

Otherwise you could simple make your own guild, get some level 1's to sign your charter, and hey presto, you have a massive amount more bank space than was intended for the average player.

Who cares. If the average player wants more bank space they can make a fake guild. Does more complexity hurt anyone? Does a fake guild hurt anyone? The current system is retarded.

This problem is solvable by requiring that the guild bank be purchased with lots of golds. So it'd be a more expensive personal bank, but with more slots and also features that personal banks don't really need... no one's going to make their own alt guild for that.

Trashe · 12/03/06, 7:42 PM

Originally Posted by Praetorian

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

I don't see how a keypad for a pin code would be any less exploitable than a password. Assuming the keypad would also be coded in the same XML/scripting interface, someone could just open up the code the the keypad and write a bot that spams it with all 8999 (?) number combinations.

• Galatea · 12/03/06, 7:58 PM

Originally Posted by Trashe

Originally Posted by Praetorian

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

I don't see how a keypad for a pin code would be any less exploitable than a password. Assuming the keypad would also be coded in the same XML/scripting interface, someone could just open up the code the the keypad and write a bot that spams it with all 8999 (?) number combinations.

You handle that the exact same way you deal with it on any server password interaction. You limit the speed of entry. The first time is instant, then the next few are rate limited to one try a second, then it slows down to one try a minute, or locks out the person from the guild bank entirely. It is all done on the server side, so the fact it might be scriptable is not a big deal.

My big issue is with click logging. If you can key log, you can also log the position of the window, and the clicks, and calculate the window relative clicks. Since WoW internal windows are not real OS windows they could solve that by putting it at a random location, and ordering the buttons in a random order.

Sorrowheart · 12/03/06, 8:27 PM

Most of the "really secure" door locks that use keypads randomize the numbers every time you press the button enter a sequence anyways, so it might take a little bit for "Joe Random User" to get used to a keypad that changes number locations, but if they have to click it anyways, it's not as big of a deal. I do like the idea though. Anything that helps prevent against keyloggers is good.

Eugorym · 12/03/06, 8:52 PM

Originally Posted by Trashe

Originally Posted by Praetorian

4) For added security, the way you have to type "DELETE" to junk a blue or better, let the guildmaster set a password that has to be typed in order to access the guild bank, once per access session. (If you really want security here, make it a virtual keypad that pops up.) Now the guild is only vulnerable to betrayal from within, rather than one random officer getting keylogged.

I don't see how a keypad for a pin code would be any less exploitable than a password. Assuming the keypad would also be coded in the same XML/scripting interface, someone could just open up the code the the keypad and write a bot that spams it with all 8999 (?) number combinations.

That would take significant time to go through all permutations and hopefully after 4 or 5 wrong guesses it would lock out for a while.

CrazyGamer · 12/03/06, 9:27 PM

A few other things I would like to see:

Separate areas of access:
It would be nice to designate consumable access for some and armor scrap access for others. Not a big deal in any of our guilds I guess but could help with the trust issues in a recent guild and reduce the potential customer service work Blizzard would have to do by not having to give someone access to all the gold and raid materials if you want him to distribute potions before a raid.
Even better if you could assign lists for each area and items on those lists would go to their respective areas if there would be room (and otherwise to the misc. area if there would be room there).

Ignoring "unique":
This tag should have no feature on a guild bank.

Increased stacks:
It makes sense to restrict the amount of potions a player can carry. For banks though, wouldn't it be better for Blizzard to let them stack hundreds in individual slots than spread them in 40 separate slots?

Crafting:
It would be a major reduction of timesinks in guild management if crafters could use materials in the guild bank to craft items which would then appear in the guild bank. Ideally the crafting time would be removed or greatly reduced so you could swiftly convert extreme volumes of materials into the proper potions.

Polleke · 12/03/06, 9:29 PM

Intercepting mouse clicks is just as easy as intercepting keyboard input. Even when you locate the keypad at different positions, you can figure out the memory patterns pretty quick. Random position of the digits on your keypad would make it hard, but not inpossible.

Only hardware solutions are feasible because then you can control the data at a level outside of the uncontrollable OS. The OS will only see one-way encrypted data.

Back to the guild bank. If Blizzard would just implent a guild storage place, with withdraw and placement access managed at server level, throw in a bunch of lua functions, and within weeks complete managment addons will be made. Complete with logs, requests, automated handling of certain items, you name it.

The idiot who ebays the guildbank problem remains ofcourse. And I'm curious to how Blizzard will handle it. Completely ignoring it and saying that it is the responsibility of the person donating to the guild bank I think is doubtfull. I think they will just accept the extra GM load.

♦ Praetorian · 12/03/06, 9:48 PM

The EBay issue would be no worse than the current scenario. If a leader is paranoid about it, then he can give no one else withdrawal access. As things stand now, plenty of guild banks have a password known by multiple officers -- surely anything that discourages account-sharing is a positive change, particularly from Blizzard's perspective. And as noted, by adding a separate secure in-game bank password, you could ensure that the assets are safe against keylogging, unlike the status quo where a keylogged guild bank is everyone's worst nightmare.

Korhallen · 12/03/06, 9:58 PM

Everquest 2 has pretty much the ideal guildbank system.

You can set permissions, ranks in the guild that can use, make certain banks view only, no view, donate only, etc. Guildmembers can deposit directly to the bank at any bank, has a bank log of who's added/taken what, etc.

Lank · 12/03/06, 10:55 PM

To solve the problem of people opening their own personal bank, the guild bank could scale somehow with number of member accounts.

Shik · 12/03/06, 11:51 PM

Originally Posted by Lank

To solve the problem of people opening their own personal bank, the guild bank could scale somehow with number of member accounts.

How is 1 person forming a guild solely so they can have extra space an issue?