Player abusing narrative freedom

I’m running a play-by-post homebrew game. The game is narrative-driven, so naturally I allow players to make up their own races, backstories, abilities etc., as long as they “don’t overdo it” (as I put it).

The problem is one player who doesn’t seem to get what “overdoing it” means. At first he wanted to make his player an all-out superhero, and I had to talk him down from it. This was no easy task. This guy is well-meaning, but he doesn’t seem to realize that this isn’t a single-player power fantasy.

I tried explaining to him that he would outshine the other players, and completely derail my plots, not to mention that the theme of my world is being tossed out the window.

My reasoning seemed to help at first, but now he want his character to be a god.
Literally. In a gritty, post-apocalyptic cyberpunk setting.

Part of the problem is that he’s not even asking; he’s building his own world, and just keeping me updated.

This puts me in an uncomfortable situation where I have to either bluntly veto his posts (and there sure are a lot of those…) or start negotiating with him.

He really means well, and I don’t want to hurt his feelings, but I can’t let him keep this up.

So… any elegant way to put him in place?


Update:

I’m the sole GM.
There are 5 other players.
We are not part of another community.
It’s a forum, with major updates about once every two weeks with smaller updates in between.
I’m basically in command, but I announced from the start that players have freedom even to determine minor outcomes of their actions.

Abusing ElGamal in order to attack a known encrypted text

I saw a very interesting question regarding Elgamal cryptosystem that I don’t know its answer. It is really interesting and I would be very happy if you could elaborate on it and explain the tricky part.

It goes like this: given Elgamal Cryptosystem:

1) Show how it is possible to create a valid new encryption from two different encryptions that we don’t know their decryption

2)How can an adversary take advantage of this property in order to attack a known encrypted text?

I don’t understand it, and it seems really cryptic and interesting. Tried digging on it but couldn’t find the connection or insights.

Seems really fascinating, would appreciate if you could explain it so I can understand this riddle.

How do I prevent my players from abusing long rests?

I am a DM for a D&D 4e game. My players (especially the wizard) like to take an extended rest after every single encounter, because he resorts to using his daily powers in every single encounter (additionally, the players like to take a long rest to completely heal instead of spending healing surges). My issue with this is that it (1) stretches my suspension of disbelief, because the part will have one fight and then sleep and then repeat, (2) makes the party feel overpowered because they are constantly using powerful abilities and (3) bothers me because it seems like the players have no concept of resource management, both in terms of using healing surges and it saving daily powers.

Side-note: I understand that the rules say that you have to wait 12 hours in between extended rests, but I’m still not sure what’s stopping players from sitting around for the twelve hours than taking another extended rest.

Another point I can bring up is that my players are not super well-versed in the rules. They have a pretty good grasp but I am not sure they completely understand short rests (although I have explained short rests to them), and I am not sure how to help them better understand.

One solution I’ve heard is to have time-sensitive missions, and while this does seem like a good solution, not every quest can necessarily be time-sensitive.

How can I prevent my players from abusing long rests by constantly taking them?

Having restrictions on library usage yet providing a workaround for abusing library features

In terms of design, I thought that having concrete restrictions on the use of your library is a must, so you can guide the user to the intended and most optimal use of your library, but at the same time I feel like next to it, having a way to overcome these restrictions is also a good idea for providing the needed freedom in certain cases.

For example, let’s say I have a class which I mark as final because I don’t want client code inheriting from it, but at the same time, I want to have this workaround.

I came up with the following example code for the case with the final specifier.

#ifdef OPEN_TO_MODIFY     #define FINAL     #else         #define FINAL final #endif  class Foo FINAL { }; 

You will need to just define the OPEN_TO_MODIFY macro in your code and the classes won’t be final anymore, so you can freely inherit from them and abuse them as you want.

Is this design choice a bad practice (having concrete restrictions yet providing a workaround)

Am I abusing my authorization token handler?

Background

I have an authorization handler of the form:

Auth(AllowedGroups, Token) -> [Allow/Deny] 

Where the Token consist of the following tuple and its MAC tag.

TbsToken := (userid, usergroup, expiration) Token    := (TbsToken, MAC) 

The MAC key resides on the servers’ sides, and along with the authorization handler, is used for automatic authentication with server B once user is logged onto server A.

A while ago

Now server B gets the new function of serving objects to invitees that appear anonymous to the server. To determine which object to serve, 120-bit (padding-free in base32) random ID of the object is passed to the access point.

Along with the ID, is the said token with “userid” removed (because anonymous) and “usergroup” replaced with the object ID. And the authorization handler is reused and called as:

Auth(ID, ((anon, ID, future), MAC)) 

It raises an alarm in me because the “AllowedGroups” is now controlled by the client, but I cannot see obvious ways this leads to vulnerability.

Is the authorization handler call 1) useful but may need tweaking? 2) useless as ID is already random, or 3) a security concern that must be removed?