Letter from the Producer LIVE Part X: Will the netcode issue be honestly addressed?

[Alcyon_Densetsu]

So my conclusion is that using this model to stop hacks is needlessly paranoid. And if there are supposed to be other advantages for using FF14's model over the conventional one, I sure can't find any.

I can't give a definitive comment on the technical side, however what I know is that this game was more hacked so far than any other MMORPG I've played in the last 10 years, including a few crappy F2P's made by small companies.

I mean, just the whole '380 billion gils deleted from people's accounts' speaks for itself—without so much as an apology by the way, several server-first to achieve miner 50 and stuff like that… talk about an awful way of treating your most hardcore and dedicated customers… And that japanese guy who had 2 billion gils and all the pets, when some are not even accessible in-game yet… SQL requests were accepted by the database without any check whatsoever (I really hope they fixed that since, but it went on for a month after release at least)… And the teleport hacks which are still happening with RMT's bots… yeah, SE's security? 'LOL'.

They really sacrificed gameplay quality and responsiveness for this kind of security? That's a flat out fail, there's just no other way to express it.

In theory server live-state might be better for security, but in ARR it's like they closed the door a la Fort Knox while leaving the window just next to it wide open.

[Astarica]

I can't give a definitive comment on the technical side, however what I know is that this game was more hacked so far than any other MMORPG I've played in the last 10 years, including a few crappy F2P's made by small companies.

Well teleport is basically impossible to stop because the server views all player movement as teleportation. The other stuff seems to be serious exploits, but not actually hacking, and that also highlights the fact that most serious problems with security are exploits, not hacks. You'll hear far more issues that are equivalent of just someone logging in as admin/admin, as opposed to someone doing some crazy hax0r skills to somehow get past all your layers of security. I remember reading one of the hacks that lets you login as anybody in RIFT because they've some backdoor login protocol, and why would you even build a backdoor login protocol on the client in the first place? Why would anyone running a client version of any MMORPG even need the ability to log into anyone else's account without a password? Yet it's these dumb decisions that are usually the biggest security threats, not because your encryptation wasn't strong enough.