Players in MMO games can usually send messages over different channels (private, public, guilds, et cetera).
How would I transmit and store this data so as to prevent outside users from being able to access somebody's private chat messages? Should I store the data in a temporary game log, or a database?
Answer
You're never going to really remove the ability for an outside party to intercept chat packets from clients, and you shouldn't worry too much, because when you're building an MMO you're building a game, not an industrial-strength cryptographically secure chat platform.
You should implement chat messages as follows:
- The client transmits the chat data, which at a minimum includes the chat message but probably also includes channel or group information (such as public chat, guild chat, player-to-player whisper, et cetera).
- The server gets the chat data. First it logs it, probably somewhere offline because there's no need to keep it resident in memory for longer than necessary. Logging is important and often overlooked, but it's incredibly useful for GM arbitration and forensic diagnostics. When you run an MMO, you want to log everything.
- Once the data's been logged, the server determines who should get the chat message and broadcasts it appropriately. The server can then drop the remaining data on the floor; it doesn't need it any longer.
The most-vulnerable point here is the initial client-to-server transmission. If somebody snooped those packets, they could see messages not technically intended for them. You could encrypt the data, but that's a lot of effort for only minimal gain. The client must be able to decrypt chat packets eventually, and intercepting the packets as they leave the client would be the best place to do the aforementioned snooping, so the key is already available to the snooper, just a little harder to find.
It's very important that you pass your chat through a server that you are in control of, though. It need not be the game server, it can be a dedicated server for funneling chat, but you want to control the routing. It lets you have oversight for GM disputes, it lets you enforce user requests to block or mute other users, it solves the issues you might have with NAT punching or other networking shenanigans you can have trying to do peer-to-peer chat, and it provides enough of a barrier to casual hacking (which peer-to-peer chat is prone to) to solve 90% of the security concerns. Which is about as good as you'll get.
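The receive, log, then route flow described in the answer above, as an added sketch that is not part of the original answer. The `ChatServer` class, the packet fields (`channel`, `target`, `text`) and the in-memory stores are all hypothetical names chosen for illustration; the list stands in for an offline log.

```python
import json
import time
from dataclasses import dataclass, field

@dataclass
class ChatServer:
    # Hypothetical in-memory state; a real server would back these with storage.
    guilds: dict = field(default_factory=dict)    # guild name -> set of player ids
    online: set = field(default_factory=set)      # connected player ids
    blocked: dict = field(default_factory=dict)   # player id -> ids that player blocked
    log: list = field(default_factory=list)       # stand-in for an offline append-only log

    def handle(self, session_player, packet):
        """Log one chat packet, then return {recipient: message} to deliver."""
        channel = packet.get("channel")
        text = str(packet.get("text", ""))[:500]  # bound the message size
        target = packet.get("target")
        if not isinstance(target, str):           # reject malformed targets
            target = None
        # Log first. The sender is taken from the authenticated session,
        # never from a field inside the client-supplied packet.
        self.log.append(json.dumps({"ts": time.time(), "from": session_player,
                                    "channel": channel, "target": target,
                                    "text": text}))
        # Routing is decided by the server alone.
        if channel == "public":
            recipients = set(self.online)
        elif channel == "guild":
            members = self.guilds.get(target, set())
            # A non-member cannot post into a guild channel.
            recipients = members & self.online if session_player in members else set()
        elif channel == "whisper":
            recipients = {target} & self.online
        else:
            recipients = set()
        recipients.discard(session_player)
        # Block and mute lists are enforced here, not in the client.
        recipients = {r for r in recipients
                      if session_player not in self.blocked.get(r, set())}
        message = {"from": session_player, "channel": channel, "text": text}
        return {r: message for r in sorted(recipients)}
```

Because the message is logged before routing, a dropped or blocked message still appears in the log for GM review.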